Microsoft Windows SMB svcctl MSRPC Interface SCM Service Enumeration

medium Nessus Plugin ID 18602

Synopsis

The remote host allows null session event log reading.

Description

It is possible to anonymously read the event logs of the remote Windows 2000 host by connecting to the \srvsvc pipe, binding to the event log service, and calling OpenEventLog().

An attacker may use this flaw to anonymously read the system logs of the remote host. Because system logs typically contain valuable information, the attacker may use them to mount a better-informed attack against the remote host.

Solution

Install the Update Rollup Package 1 (URP1) for Windows 2000 SP4, or set the RestrictGuestAccess value on the Applications and System logs.

See Also

https://seclists.org/fulldisclosure/2005/Jul/135

Plugin Details

Severity: Medium

ID: 18602

File Name: smb_event_log_null_session.nasl

Version: 1.20

Type: local

Agent: windows

Family: Windows

Published: 7/5/2005

Updated: 9/21/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/name, SMB/login, SMB/password, SMB/transport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/7/2005

Reference Information

CVE: CVE-2005-2150

BID: 14093, 14178