Vulnerability Name:

CVE-2005-2307 (CCN-21355)

Assigned:2005-07-14
Published:2005-07-14
Updated:2019-04-30
Summary:netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Full-Disclosure Mailing List, Thu Jul 14 2005 - 02:13:48 CDT
Windows Netman Service Local DOS Vulnerability

Source: MITRE
Type: CNA
CVE-2005-2307

Source: CCN
Type: SA16065
Microsoft Windows Network Connections Service Denial of Service

Source: SECUNIA
Type: Vendor Advisory
16065

Source: CCN
Type: SA17172
Avaya Various Products Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
17172

Source: CCN
Type: SA17223
Nortel Centrex IP Client Manager Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
17223

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf

Source: CCN
Type: Microsoft Security Bulletin MS05-045
Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)

Source: CCN
Type: BID-14093
Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed

Source: BID
Type: Exploit
14260

Source: CCN
Type: BID-14260
Microsoft Windows Network Connections Manager Library Local Denial of Service Vulnerability

Source: MS
Type: UNKNOWN
MS05-045

Source: XF
Type: UNKNOWN
network-connection-manager-dos(21355)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1250

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1254

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1289

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1532

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:786

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:windows_2003:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:786
    V
    Network Connection Manager Interruption of Service (Server 2003,SP1)
    2011-05-16
    oval:org.mitre.oval:def:1532
    V
    Network Connection Manager Interruption of Service (Windows XP,SP2)
    2011-05-16
    oval:org.mitre.oval:def:1250
    V
    Network Connection Manager Interruption of Service (Server 2003)
    2011-05-16
    oval:org.mitre.oval:def:1254
    V
    Network Connection Manager Interruption of Service (Windows XP,SP1)
    2011-05-16
    oval:org.mitre.oval:def:1289
    V
    Network Connection Manager Interruption of Service (Windows 2000)
    2011-05-16
    BACK
    microsoft windows 2000 *
    microsoft windows 2000 * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows 2000 * sp4
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows xp sp2
    microsoft windows 2003_server sp1
    microsoft windows 2003 *