 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.801991 |
| Categoría: | Windows |
| Título: | Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability |
| Resumen: | Microsoft Windows is prone to an authentication bypass; vulnerability via SMB/NETBIOS. |
| Descripción: | Summary: Microsoft Windows is prone to an authentication bypass vulnerability via SMB/NETBIOS. Vulnerability Insight: The flaw is due to an SMB share, allows full access to Guest users. If the Guest account is enabled, anyone can access the computer without a valid user account or password. Vulnerability Impact: Successful exploitation could allow attackers to use shares to cause the system to crash. Affected Software/OS: - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT - Microsoft Windows 2000 - Microsoft Windows in other implementations / versions might be affected as well Solution: A workaround is to: - Disable null session login - Remove the share - Enable passwords on the share CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-1999-0519 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0519 Common Vulnerability Exposure (CVE) ID: CVE-1999-0520 https://exchange.xforce.ibmcloud.com/vulnerabilities/3 Common Vulnerability Exposure (CVE) ID: CVE-2002-1117 Bugtraq: 20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?) (Google Search) http://marc.info/?l=bugtraq&m=103134930629683&w=2 Bugtraq: 20020906 Veritas Backup Exec opens networks for NetBIOS based attacks? (Google Search) http://marc.info/?l=bugtraq&m=103134395124579&w=2 http://www.osvdb.org/8230 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1036 XForce ISS Database: veritas-backupexec-restrictanonymous-zero(10093) https://exchange.xforce.ibmcloud.com/vulnerabilities/10093 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |