Microsoft Windows SMB svcctl MSRPC Interface SCM Service Enumeration

Medium Nessus Plugin ID 18602


The remote host allows null session event log reading.


It is possible to anonymously read the event logs of the remote Windows 2000 host by connecting to the \srvsvc pipe and binding to the event log service, OpenEventLog().

An attacker may use this flaw to anonymously read the system logs of the remote host. As system logs typically include valuable information, an attacker may use them to perform a better attack against the remote host.


Install the Update Rollup Package 1 (URP1) for Windows 2000 SP4 or set the value RestrictGuestAccess on the Applications and System logs.

See Also

Plugin Details

Severity: Medium

ID: 18602

File Name: smb_event_log_null_session.nasl

Version: $Revision: 1.17 $

Type: local

Agent: windows

Family: Windows

Published: 2005/07/05

Modified: 2016/12/09

Dependencies: 10785, 10456

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/transport, SMB/name, SMB/login, SMB/password

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2005/07/07

Reference Information

CVE: CVE-2005-2150

BID: 14093, 14178

OSVDB: 17860