VID 26159
Severity 30
Port 139,445
Protocol TCP
Class SMB
Detailed Description The remote host is vulnerable to an MSRPC Eventlog Information Disclosure vulnerability. Microsoft Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 do not properly prevent NULL sessions from accessing certain alternate named pipes, which allows a remote attacker to read the eventlog of an affected computer. A remote attacker may use this vulnerability to anonymously read the application or system eventlog. Information gathered by exploiting this vulnerability may aid in other attacks.

* References:
http://support.microsoft.com/kb/891861
http://www.hsc.fr/ressources/presentations/null_sessions/msrpc_null_sessions.pdf
http://support.microsoft.com/kb/842209
http://www.securitytracker.com/alerts/2005/Jul/1014417.html
http://securityfocus.com/archive/1/404547

* Platforms Affected:
Microsoft Windows NT 4.0 SP6a
Microsoft Windows 2000 SP4
Recommendation For Microsoft Windows 2000:
Apply the Update Rollup Package 1 (KB891861), as listed in Microsoft Knowledge Base Article 891861 at http://support.microsoft.com/kb/891861

-- OR --

As a workaround, modify specific registry entries and configuration options as listed in Microsoft Knowledge Base Article 842209 at http://support.microsoft.com/kb/842209
Related URL CVE-2005-2150 (CVE)
Related URL 14093,14178 (SecurityFocus)
Related URL 21288 (ISS)