Detections
Analytics
MS05-046: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) (uncredentialed check)
critical Nessus Plugin ID 20006
Synopsis
A flaw in the client service for NetWare may allow an attacker to execute arbitrary code on the remote host.Description
The remote host contains a version of the Client Service for NetWare that is vulnerable to a buffer overflow.An attacker may exploit this flaw by connecting to the NetWare RPC service (possibly over IP) and triggering the overflow by sending a malformed RPC request.
Solution
Microsoft has released a set of patches for Windows 2000, XP and 2003.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-046
Plugin Details
Severity: Critical
ID: 20006
File Name: smb_kb899589.nasl
Version: 1.26
Type: local
Agent: windows
Family: Windows
Published: 10/11/2005
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.8
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: x-cpe:/a:microsoft:windows:netwareclnt, cpe:/o:microsoft:windows
Required KB Items: Host/OS/smb
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 10/11/2005
Exploitable With
CANVAS (CANVAS)
Core Impact
Reference Information
CVE: CVE-2005-1985
BID: 15066
MSFT: MS05-046
MSKB: 899589