CVE-2005-1985 - OpenCVE

The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows Xp Windows 2000 Windows 2003 Server

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_2000::sp4::fr::::
	cpe:2.3:o:microsoft:windows_2003_server:r2:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:sp1:::::::*
	cpe:2.3:o:microsoft:windows_xp::sp1:tablet_pc:::::
	cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc:::::

References

Link	Resource
http://secunia.com/advisories/17165
http://securitytracker.com/id?1015041
http://www.osvdb.org/19922
http://www.securityfocus.com/bid/15066
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-046
https://exchange.xforce.ibmcloud.com/vulnerabilities/21700
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1210
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1544
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A910

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2005-10-13T04:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2005-06-17T00:00:00

Link: CVE-2005-1985

JSON object: View

NVD Information

Status : Modified

Published: 2005-10-13T10:02:00.000

Modified: 2018-10-12T21:36:51.407

Link: CVE-2005-1985

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an \"unchecked buffer\" when processing certain crafted network messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "oval:org.mitre.oval:def:910", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A910"}, {"name": "oval:org.mitre.oval:def:1544", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1544"}, {"name": "oval:org.mitre.oval:def:1106", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1106"}, {"name": "MS05-046", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-046"}, {"name": "17165", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17165"}, {"name": "19922", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/19922"}, {"name": "oval:org.mitre.oval:def:1210", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1210"}, {"name": "15066", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15066"}, {"name": "win-csnw-bo(21700)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21700"}, {"name": "oval:org.mitre.oval:def:1536", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1536"}, {"name": "1015041", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015041"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2005-1985", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an \"unchecked buffer\" when processing certain crafted network messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:910", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A910"}, {"name": "oval:org.mitre.oval:def:1544", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1544"}, {"name": "oval:org.mitre.oval:def:1106", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1106"}, {"name": "MS05-046", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-046"}, {"name": "17165", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17165"}, {"name": "19922", "refsource": "OSVDB", "url": "http://www.osvdb.org/19922"}, {"name": "oval:org.mitre.oval:def:1210", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1210"}, {"name": "15066", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15066"}, {"name": "win-csnw-bo(21700)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21700"}, {"name": "oval:org.mitre.oval:def:1536", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1536"}, {"name": "1015041", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015041"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2005-1985", "datePublished": "2005-10-13T04:00:00", "dateReserved": "2005-06-17T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an \"unchecked buffer\" when processing certain crafted network messages."}], "id": "CVE-2005-1985", "lastModified": "2018-10-12T21:36:51.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-10-13T10:02:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://secunia.com/advisories/17165"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015041"}, {"source": "secure@microsoft.com", "url": "http://www.osvdb.org/19922"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/15066"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-046"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21700"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1106"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1210"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1536"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1544"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A910"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}