| VID |
26160 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The remote host is vulnerable to a MSRPC SVCCTL Service Enumeration vulnerability. Microsoft Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes (srvsvc instead of svcctl), which allows a remote attacker to enumerate installed or running services on an affected computer. A remote attacker can invoke the svcctl Microsoft RPC interface to connect to the Service Control Manager and determine which servers are installed or currently running on the targeted system. It may also be possible to start or stop Windows services by exploiting this flaw.
* References:
http://support.microsoft.com/kb/891861
http://www.hsc.fr/ressources/presentations/null_sessions/msrpc_null_sessions.pdf
http://support.microsoft.com/kb/842209
http://www.securitytracker.com/alerts/2005/Jul/1014417.html
http://securityfocus.com/archive/1/404547
* Platforms Affected:
Microsoft Windows NT 4.0 SP6a
Microsoft Windows 2000 SP4 |
| Recommendation |
For Microsoft Windows 2000:
Apply the Update Rollup Package 1 (KB891861), as listed in Microsoft Knowledge Base Article - 891861 at http://support.microsoft.com/kb/891861
-- OR --
As a workaround, modify specific registry entries and configuration options as listed in Microsoft Knowledge Base Article 842209 at http://support.microsoft.com/kb/842209 |
| Related URL |
CVE-2005-2150 (CVE) |
| Related URL |
14093,14177 (SecurityFocus) |
| Related URL |
21286 (ISS) |
|
