10 - MS00-095

Executive Summary

Informations
Name	MS00-095	First vendor Publication	N/A
Vendor	Microsoft	Last vendor Modification	N/A
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Registry Permissions Vulnerability

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:139

Oval ID:	oval:org.mitre.oval:def:139
Title:	Default Registry Permissions on SNMP Parameters
Description:	The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2001-0046	Version:	2
Platform(s):	Microsoft Windows NT	Product(s):	Simple Network Management Protocol (SNMP)
Definition Synopsis:
Software section Microsoft Windows NT is installed AND For Windows NT 4.0 Workstation, Server and Enterprise Edition File %windir%\system32\tcpcfg.dll version is less than 4.0.1381.7064 AND NOT Windows NT 4.0 Security Roll-up Package AND For Terminal Server this is an NT Terminal Server AND File %windir%\system32\tcpcfg.dll version is less than 4.0.1381.7097 AND NOT Patch Q265714 Installed AND Configuration section the SNMP service is enabled

Definition Id: oval:org.mitre.oval:def:140

Oval ID:	oval:org.mitre.oval:def:140
Title:	Default Registry Permissions on the MTS Package Admin Key
Description:	The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2001-0047	Version:	2
Platform(s):	Microsoft Windows NT	Product(s):	Microsoft Transaction Server (MTS)
Definition Synopsis:
Software section Microsoft Windows NT is installed AND For Windows NT 4.0 Workstation, Server and Enterprise Edition File %windir%\system32\tcpcfg.dll version is less than 4.0.1381.7064 AND NOT Windows NT 4.0 Security Roll-up Package AND For Terminal Server this is an NT Terminal Server AND File %windir%\system32\tcpcfg.dll version is less than 4.0.1381.7097 AND NOT Patch Q265714 Installed AND Configuration section MTS Enabled

Definition Id: oval:org.mitre.oval:def:500

Oval ID:	oval:org.mitre.oval:def:500
Title:	Default Permissions on RAS Administration Key
Description:	The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2001-0045	Version:	2
Platform(s):	Microsoft Windows NT	Product(s):	Remote Access Service (RAS)
Definition Synopsis:
Software section Microsoft Windows NT is installed AND For Windows NT 4.0 Workstation, Server and Enterprise Edition File %windir%\system32\tcpcfg.dll version is less than 4.0.1381.7064 AND NOT Windows NT 4.0 Security Roll-up Package AND For Terminal Server this is an NT Terminal Server AND File %windir%\system32\tcpcfg.dll version is less than 4.0.1381.7097 AND NOT Patch Q265714 Installed AND Configuration section RAS Enabled

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000::::::::	1
Os	Microsoft Windows Nt cpe:2.3:o:microsoft:windows_nt:4.0:::::::* cpe:2.3:o:microsoft:windows_nt:terminal_server:::::::*	2

Open Source Vulnerability Database (OSVDB)

Id	Description
13480	Microsoft Windows NT MTS Package Administration Registry Key Permission Weakness
10648	Microsoft Windows NT Default SNMP Registry Key Permission Weakness Local Priv...
466	Microsoft Windows NT RAS Administration Registry Key Permission Weakness Loca...

Nessus® Vulnerability Scanner

Date	Description
2003-10-08	Name : A local user can gain additional privileges. File : smb_reg_MTS_access.nasl - Type : ACT_GATHER_INFO
2003-10-08	Name : Local users can gain additional privileges. File : smb_reg_snmp_access.nasl - Type : ACT_GATHER_INFO
2003-03-12	Name : The remote host is vulnerable to privilege escalation. File : smb_nt_ms02-001.nasl - Type : ACT_GATHER_INFO
2000-12-08	Name : Local users can gain additional privileges. File : smb_reg_ras_access.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:44:30	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	3
CPE ID(s)	3
osvdb(s)	3
Nessus® Exploit(s)	4

	Related
10	CVE-2001-0045
7.5	CVE-2001-0047
4.6	CVE-2001-0046
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

Copyright Security-Database 2006-2025 - Powered by themself ;) in 0.0437s

Facebook rss twitter linkedin mail