CVE-2005-2150 Information

Feb 14, 2021 cve

Description

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

Reference

http://marc.info/?l=bugtraq&m=112076409813099&w=2 http://secunia.com/advisories/14189 http://securitytracker.com/id?1014417 http://www.hsc.fr/ressources/presentations/null_sessions/ http://www.securityfocus.com/bid/14177 http://www.securityfocus.com/bid/14178 https://exchange.xforce.ibmcloud.com/vulnerabilities/21286 https://exchange.xforce.ibmcloud.com/vulnerabilities/21288

Share on: