Vulnerability Name:

CVE-2005-2150 (CCN-21286)

Assigned:2005-07-07
Published:2005-07-07
Updated:2017-07-11
Summary:Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 do not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2005-2150

Source: BUGTRAQ
Type: UNKNOWN
20050707 NULL sessions vulnerabilities using alternate named pipes

Source: CCN
Type: SA14189
Windows Anonymous Named Pipe Connection Information Disclosure

Source: SECUNIA
Type: UNKNOWN
14189

Source: CCN
Type: SECTRACK ID: 1014417
Microsoft Windows Named Pipe NULL Session Bugs in svcctl and eventlog RPC Interfaces Disclose Information to Remote Users

Source: SECTRACK
Type: UNKNOWN
1014417

Source: CCN
Type: Microsoft Knowledge Base Article 842209
You receive an "Access is denied" error message when you try to access an event log on a Windows Server 2003-based computer or on a Windows 2000-based computer

Source: CCN
Type: Microsoft Knowledge Base Article 891861
Update Rollup 1 for Windows 2000 SP4

Source: MISC
Type: UNKNOWN
http://www.hsc.fr/ressources/presentations/null_sessions/

Source: CCN
Type: Hervé Schauer Consultants Web site
MSRPC null sessions: exploitation and protection

Source: BID
Type: UNKNOWN
14177

Source: CCN
Type: BID-14177
Microsoft Windows MSRPC SVCCTL Service Enumeration Vulnerability

Source: BID
Type: UNKNOWN
14178

Source: CCN
Type: BID-14178
Microsoft Windows MSRPC Eventlog Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
msrpc-name-pipe-null-information-disclosure(21286)

Source: XF
Type: UNKNOWN
win-name-pipe-null-information-disclosure(21286)

Source: XF
Type: UNKNOWN
win-pipe-null-eventlog-information-disclosure(21288)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2005-2150 (CCN-21288)

    Assigned:2005-07-07
    Published:2005-07-07
    Updated:2005-07-07
    Summary:Microsoft Windows NT 4.0 and 2000 could allow a remote attacker to obtain sensitive information because of a vulnerability in the processing of named pipes for NULL sessions. A remote attacker can initiate the eventlog RPC interface to connect to the Windows eventlog and read sensitive information such as the application or system eventlog.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
    CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
    Vulnerability Consequences:Obtain Information
    References:Source: MITRE
    Type: CNA
    CVE-2005-2150

    Source: CCN
    Type: SA14189
    Windows Anonymous Named Pipe Connection Information Disclosure

    Source: CCN
    Type: SECTRACK ID: 1014417
    Microsoft Windows Named Pipe NULL Session Bugs in svcctl and eventlog RPC Interfaces Disclose Information to Remote Users

    Source: CCN
    Type: Microsoft Knowledge Base Article 842209
    You receive an "Access is denied" error message when you try to access an event log on a Windows Server 2003-based computer or on a Windows 2000-based computer

    Source: CCN
    Type: Microsoft Knowledge Base Article 891861
    Update Rollup 1 for Windows 2000 SP4

    Source: CCN
    Type: Hervé Schauer Consultants Web site
    MSRPC null sessions: exploitation and protection

    Source: CCN
    Type: BID-14177
    Microsoft Windows MSRPC SVCCTL Service Enumeration Vulnerability

    Source: CCN
    Type: BID-14178
    Microsoft Windows MSRPC Eventlog Information Disclosure Vulnerability

    Source: XF
    Type: UNKNOWN
    msrpc-pipe-null-eventlog-information-disc(21288)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable