Microsoft Windows SMB Service Enumeration via \srvsvc

Medium Nessus Plugin ID 18585


The remote host allows null session enumeration of running services.


This plugin connects to \srvsvc (instead of \svcctl) over a NULL session to enumerate the services running on the remote host.

An attacker may use this feature to gain better knowledge of the remote host.


Install the Update Rollup Package 1 (URP1) for Windows 2000 SP4.

Plugin Details

Severity: Medium

ID: 18585

File Name: smb_enum_services_null_session.nasl

Version: $Revision: 1.24 $

Type: local

Agent: windows

Family: Windows

Published: 2005/06/29

Modified: 2016/12/09

Dependencies: 10456, 10785

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows_2000

Required KB Items: SMB/transport, SMB/name, SMB/login, SMB/password

Excluded KB Items: SMB/not_windows

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2005/07/07

Reference Information

CVE: CVE-2005-2150

BID: 14093, 14177

OSVDB: 17859, 17860