National Vulnerability Database (NVD) National Vulnerability Database (CVE-2005-0045)

National Cyber Awareness System

Vulnerability Summary for CVE-2005-0045

Original release date:05/02/2005

Last revised:09/10/2008

Source: US-CERT/NIST

Overview

The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.

Impact

CVSS Severity (version 2.0 incomplete approximation):

CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides user account access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA05-039A

Name: TA05-039A

Type: Advisory; Patch Information

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA05-039A.html

US-CERT Vulnerability Note: VU#652537

Name: VU#652537

Type: Advisory; Patch Information

Hyperlink:http://www.kb.cert.org/vuls/id/652537

External Source: XF

Name: win-smb-code-execution(19089)

Type: Advisory; Patch Information

Hyperlink:http://xforce.iss.net/xforce/xfdb/19089

External Source: MS

Name: MS05-011

Type: Patch Information

Hyperlink:http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx

External Source: NTBUGTRAQ

Name: 20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability

Hyperlink:http://marc.theaimsgroup.com/?l=ntbugtraq&m=110795643831169&w=2

External Source: BUGTRAQ

Name: 20050309 Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=111040962600205&w=2

External Source: BUGTRAQ

Name: 20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability

Hyperlink:http://marc.theaimsgroup.com/?l=bugtraq&m=110792638401852&w=2

External Source: BID

Name: 12484

Hyperlink:http://www.securityfocus.com/bid/12484

US Government Resource: oval:org.mitre.oval:def:4043

Name: oval:org.mitre.oval:def:4043

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4043

US Government Resource: oval:org.mitre.oval:def:1889

Name: oval:org.mitre.oval:def:1889

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1889

US Government Resource: oval:org.mitre.oval:def:1847

Name: oval:org.mitre.oval:def:1847

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1847

US Government Resource: oval:org.mitre.oval:def:1606

Name: oval:org.mitre.oval:def:1606

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1606

References to Check Content

Identifier:oval:org.mitre.oval:def:1847

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1847

Identifier:oval:org.mitre.oval:def:1606

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1606

Identifier:oval:org.mitre.oval:def:1889

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1889

Identifier:oval:org.mitre.oval:def:4043

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:4043

Vulnerable software and versions

Configuration 1

* cpe:/o:microsoft:windows_2000:::advanced_server

* cpe:/o:microsoft:windows_2000:::professional

* cpe:/o:microsoft:windows_2000:::server

* cpe:/o:microsoft:windows_2000::sp1:advanced_server

* cpe:/o:microsoft:windows_2000::sp1:professional

* cpe:/o:microsoft:windows_2000::sp1:server

* cpe:/o:microsoft:windows_2000::sp2:advanced_server

* cpe:/o:microsoft:windows_2000::sp2:professional

* cpe:/o:microsoft:windows_2000::sp2:server

* cpe:/o:microsoft:windows_2000::sp3:advanced_server

* cpe:/o:microsoft:windows_2000::sp3:professional

* cpe:/o:microsoft:windows_2000::sp3:server

* cpe:/o:microsoft:windows_2000::sp4:advanced_server

* cpe:/o:microsoft:windows_2000::sp4:professional

* cpe:/o:microsoft:windows_2000::sp4:server

* cpe:/o:microsoft:windows_2003_server:enterprise::64-bit

* cpe:/o:microsoft:windows_2003_server:enterprise_64-bit

* cpe:/o:microsoft:windows_2003_server:r2::64-bit

* cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit

* cpe:/o:microsoft:windows_2003_server:standard::64-bit

* cpe:/o:microsoft:windows_2003_server:web

* cpe:/o:microsoft:windows_nt:4.0::enterprise_server

* cpe:/o:microsoft:windows_nt:4.0::server

* cpe:/o:microsoft:windows_nt:4.0::terminal_server

* cpe:/o:microsoft:windows_nt:4.0::workstation

* cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server

* cpe:/o:microsoft:windows_nt:4.0:sp1:server

* cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server

* cpe:/o:microsoft:windows_nt:4.0:sp1:workstation

* cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server

* cpe:/o:microsoft:windows_nt:4.0:sp2:server

* cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server

* cpe:/o:microsoft:windows_nt:4.0:sp2:workstation

* cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server

* cpe:/o:microsoft:windows_nt:4.0:sp3:server

* cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server

* cpe:/o:microsoft:windows_nt:4.0:sp3:workstation

* cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server

* cpe:/o:microsoft:windows_nt:4.0:sp4:server

* cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server

* cpe:/o:microsoft:windows_nt:4.0:sp4:workstation

* cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server

* cpe:/o:microsoft:windows_nt:4.0:sp5:server

* cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server

* cpe:/o:microsoft:windows_nt:4.0:sp5:workstation

* cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server

* cpe:/o:microsoft:windows_nt:4.0:sp6a:server

* cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server

* cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation

* cpe:/o:microsoft:windows_xp:::64-bit

* cpe:/o:microsoft:windows_xp:::home

* cpe:/o:microsoft:windows_xp:::media_center

* cpe:/o:microsoft:windows_xp::gold:professional

* cpe:/o:microsoft:windows_xp::sp1:64-bit

* cpe:/o:microsoft:windows_xp::sp1:home

* cpe:/o:microsoft:windows_xp::sp1:media_center

* cpe:/o:microsoft:windows_xp::sp2:home

* cpe:/o:microsoft:windows_xp::sp2:media_center

* cpe:/o:microsoft:windows_xp::sp2:tablet_pc

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0045