Vulnerability Description
The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Server 2012 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Exploit
- http://seclists.org/fulldisclosure/2015/Mar/60
- http://www.coresecurity.com/advisories/windows-pass-through-authentication-methoExploit
- http://www.securitytracker.com/id/1031891
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-02
- https://www.samba.org/samba/history/samba-4.2.10.html
- http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Exploit
- http://seclists.org/fulldisclosure/2015/Mar/60
- http://www.coresecurity.com/advisories/windows-pass-through-authentication-methoExploit
- http://www.securitytracker.com/id/1031891
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-02
- https://www.samba.org/samba/history/samba-4.2.10.html
FAQ
What is CVE-2015-0005?
CVE-2015-0005 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to s...
How severe is CVE-2015-0005?
CVE-2015-0005 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0005?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2003 Server, Microsoft Windows Server 2008, Microsoft Windows Server 2012.