Vulnerability Description
Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows Nt | 4.0 |
References
- http://marc.info/?l=bugtraq&m=112076409813099&w=2
- http://secunia.com/advisories/14189
- http://securitytracker.com/id?1014417
- http://www.hsc.fr/ressources/presentations/null_sessions/
- http://www.securityfocus.com/bid/14177
- http://www.securityfocus.com/bid/14178
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21286
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21288
- http://marc.info/?l=bugtraq&m=112076409813099&w=2
- http://secunia.com/advisories/14189
- http://securitytracker.com/id?1014417
- http://www.hsc.fr/ressources/presentations/null_sessions/
- http://www.securityfocus.com/bid/14177
- http://www.securityfocus.com/bid/14178
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21286
FAQ
What is CVE-2005-2150?
CVE-2005-2150 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows...
How severe is CVE-2005-2150?
CVE-2005-2150 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2150?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows Nt.