| VID |
26020 |
| Severity |
30 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q283001) for the "Malformed PPTP Packet Stream" problem has not been applied. But the Windows NT 4.0 system is only affected if PPTP services are installed and running on the machine. Point-to-point Tunneling Protocol (PPTP) is a protocol designed to provide secure remote connections over insecure channels.
Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* Platforms Affected:
Microsoft Windows NT
* References:
http://www.iss.net/security_center/static/6103.php
http://www.microsoft.com/technet/security/bulletin/MS01-009.asp |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS01-009. (http://www.microsoft.com/technet/security/bulletin/ms01-009.asp)
* Note: The patch can be applied atop systems running Windows NT 4.0 Service Pack 6a. It will be included in Windows NT 4.0 Service Pack 7. |
| Related URL |
CVE-2001-0017 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
