CVE-2004-0567 - OpenCVE

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows Nt Windows 2000 Windows 2003 Server

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_2000::sp3::::::*
	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_2003_server:64-bit:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:r2:::::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:::::*

References

Link	Resource
http://secunia.com/advisories/13466
http://securitytracker.com/id?1012517
http://www.ciac.org/ciac/bulletins/p-054.shtml	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/378160	Patch Third Party Advisory US Government Resource
http://www.osvdb.org/12370
http://www.securityfocus.com/bid/11922
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/18259

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-12-31T05:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2004-06-15T00:00:00

Link: CVE-2004-0567

JSON object: View

NVD Information

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2019-04-30T14:27:13.913

Link: CVE-2004-0567

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-12-14T00:00:00", "descriptions": [{"lang": "en", "value": "The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an \"unchecked buffer\" and possibly triggers a buffer overflow, aka the \"Name Validation Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "13466", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/13466"}, {"name": "VU#378160", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/378160"}, {"name": "1012517", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1012517"}, {"name": "12370", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/12370"}, {"name": "wins-memory-pointer-hijack(18259)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18259"}, {"name": "11922", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11922"}, {"name": "P-054", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC"], "url": "http://www.ciac.org/ciac/bulletins/p-054.shtml"}, {"name": "MS04-045", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0567", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an \"unchecked buffer\" and possibly triggers a buffer overflow, aka the \"Name Validation Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "13466", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13466"}, {"name": "VU#378160", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/378160"}, {"name": "1012517", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1012517"}, {"name": "12370", "refsource": "OSVDB", "url": "http://www.osvdb.org/12370"}, {"name": "wins-memory-pointer-hijack(18259)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18259"}, {"name": "11922", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11922"}, {"name": "P-054", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/p-054.shtml"}, {"name": "MS04-045", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0567", "datePublished": "2004-12-31T05:00:00", "dateReserved": "2004-06-15T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "D2CA1674-A8A0-479A-9D80-344D3C563A24", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "matchCriteriaId": "BCC5E316-FB61-408B-BAA2-7FE03D581250", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "matchCriteriaId": "90CFA69B-7814-4F97-A14D-D76310065CF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an \"unchecked buffer\" and possibly triggers a buffer overflow, aka the \"Name Validation Vulnerability.\""}], "id": "CVE-2004-0567", "lastModified": "2019-04-30T14:27:13.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/13466"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1012517"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ciac.org/ciac/bulletins/p-054.shtml"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/378160"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/12370"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11922"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18259"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}