CVE-2005-2150 - Vulnerability Details - OpenCVE

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 2000 Windows Nt

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_nt:4.0:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=112076409813099&w=2
http://secunia.com/advisories/14189
http://securitytracker.com/id?1014417
http://www.hsc.fr/ressources/presentations/null_sessions/
http://www.securityfocus.com/bid/14177
http://www.securityfocus.com/bid/14178
https://exchange.xforce.ibmcloud.com/vulnerabilities/21286
https://exchange.xforce.ibmcloud.com/vulnerabilities/21288

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-07-11T04:00:00

Updated: 2024-08-07T22:15:37.455Z

Reserved: 2005-07-06T00:00:00

Link: CVE-2005-2150

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-07-11T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-2150

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.hsc.fr/ressources/presentations/null_sessions/"}, {"name": "20050707 NULL sessions vulnerabilities using alternate named pipes", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112076409813099&w=2"}, {"name": "1014417", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014417"}, {"name": "14177", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14177"}, {"name": "win-name-pipe-null-information-disclosure(21286)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21286"}, {"name": "14178", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14178"}, {"name": "win-pipe-null-eventlog-information-disclosure(21288)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21288"}, {"name": "14189", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/14189"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2150", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.hsc.fr/ressources/presentations/null_sessions/", "refsource": "MISC", "url": "http://www.hsc.fr/ressources/presentations/null_sessions/"}, {"name": "20050707 NULL sessions vulnerabilities using alternate named pipes", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112076409813099&w=2"}, {"name": "1014417", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014417"}, {"name": "14177", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14177"}, {"name": "win-name-pipe-null-information-disclosure(21286)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21286"}, {"name": "14178", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14178"}, {"name": "win-pipe-null-eventlog-information-disclosure(21288)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21288"}, {"name": "14189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14189"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:15:37.455Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.hsc.fr/ressources/presentations/null_sessions/"}, {"name": "20050707 NULL sessions vulnerabilities using alternate named pipes", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=112076409813099&w=2"}, {"name": "1014417", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1014417"}, {"name": "14177", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/14177"}, {"name": "win-name-pipe-null-information-disclosure(21286)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21286"}, {"name": "14178", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/14178"}, {"name": "win-pipe-null-eventlog-information-disclosure(21288)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21288"}, {"name": "14189", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/14189"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2150", "datePublished": "2005-07-11T04:00:00", "dateReserved": "2005-07-06T00:00:00", "dateUpdated": "2024-08-07T22:15:37.455Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog."}], "id": "CVE-2005-2150", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-07-11T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=112076409813099&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/14189"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014417"}, {"source": "cve@mitre.org", "url": "http://www.hsc.fr/ressources/presentations/null_sessions/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14177"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14178"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21286"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21288"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=112076409813099&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/14189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.hsc.fr/ressources/presentations/null_sessions/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14177"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14178"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21286"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21288"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}