Vulnerability CVE-2005-3644 - CERT Civis.Net

Vulnerability Name:

CVE-2005-3644 (CCN-23066)

Assigned:

2005-11-14

Published:

2005-11-14

Updated:

2019-04-30

Summary:

PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.

CVSS v3 Severity:

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2005-3644

Source: MISC
Type: UNKNOWN
http://research.eeye.com/html/alerts/zeroday/20051116.html

Source: CCN
Type: SA17595
Microsoft Windows UPnP GetDeviceList Denial of Service

Source: SECUNIA
Type: Vendor Advisory
17595

Source: CCN
Type: SECTRACK ID: 1015233
Microsoft Windows RPC Service May Let Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1015233

Source: MISC
Type: UNKNOWN
http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116

Source: MISC
Type: Vendor Advisory
http://www.frsirt.com/exploits/20051117.Win_upnp_getdevicelist.c.php

Source: CCN
Type: Microsoft Security Advisory (911052)
Memory Allocation Denial of Service Via RPC

Source: MSKB
Type: Vendor Advisory
911052

Source: CCN
Type: OSVDB ID: 30823
Microsoft Windows Print Spooler (spoolsv.exe) RpcGetPrinterData Function DoS

Source: CCN
Type: Securiteam Web site
Windows 2000 Server UPNP DoS (Exploit)

Source: MISC
Type: Exploit
http://www.securiteam.com/exploits/6V00C15EKM.html

Source: BID
Type: UNKNOWN
15460

Source: CCN
Type: BID-15460
Microsoft Windows Plug and Play Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
win-msrpc-memalloc-dos(23066)

Source: EXPLOIT-DB
Type: UNKNOWN
1328

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:server:*:*:*

Denotes that component is vulnerable