VID 23126
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description The DameWare NT Utilities software, according to its version number, has an information disclosure vulnerability. DameWare NT Utilities provides a centralized interface for remote management of Windows NT/2000/XP/2003 Servers and Workstations. DameWare NT Utilities versions 4.9 and earlier could allow a local attacker to obtain sensitive information. When the DNTUS26 process on the remote machine is dumped from memory to a file with PMDump, the attacker can obtain the user name and the password, because both are stored in clear text.

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, which results in a false negative for all vulnerable hosts.

* References:
http://www.securiteam.com/windowsntfocus/5TP0A2KFHW.html
http://www.securityfocus.com/archive/1/395987
http://securitytracker.com/alerts/2005/Apr/1013725.html

* Platforms Affected:
DameWare Development LLC, DameWare NT Utilities versions 4.9 and earlier
Microsoft Windows Any version
Recommendation No upgrade or patch available as of May 2005

Upgrade to the latest version of DameWare NT Utilities (later than 4.9) when a new version that fixes this problem becomes available from the DameWare Products Development Web site at http://www.dameware.com/downloads
Related URL CVE-2005-1166 (CVE)
Related URL 13200 (SecurityFocus)
Related URL 20140 (ISS)