Detections
Analytics

Microsoft Windows SMB Service Enumeration via \srvsvc

medium Nessus Plugin ID 18585

Language:

Synopsis

The remote host allows null session enumeration of running services.

Description

This plugin connects to \srvsvc (instead of \svcctl) to enumerate the list of services running on the remote host on top of a NULL session.

An attacker may use this feature to gain better knowledge of the remote host.

Solution

Install the Update Rollup Package 1 (URP1) for Windows 2000 SP4.

See Also

https://www2.deloitte.com/fr/fr/pages/risque-compliance-et-controle-interne/articles/cyber-academy.html/ressources/presentations/null_sessions/.html

Plugin Details

Severity: Medium

ID: 18585

File Name: smb_enum_services_null_session.nasl

Version: 1.26

Type: local

Agent: windows

Family: Windows

Published: 6/29/2005

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows_2000

Required KB Items: SMB/name, SMB/login, SMB/password, SMB/transport

Excluded KB Items: SMB/not_windows

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/7/2005

Reference Information

CVE: CVE-2005-2150

BID: 14093, 14177