CVE-2015-0005 - OpenCVE

The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows Server 2012 Windows 2003 Server Windows Server 2008

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2::::datacenter:::
	cpe:2.3:o:microsoft:windows_server_2012:r2::::essentials:::
	cpe:2.3:o:microsoft:windows_server_2012:r2::::standard:::

References

Link	Resource
http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html	Exploit
http://seclists.org/fulldisclosure/2015/Mar/60
http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation	Exploit
http://www.securitytracker.com/id/1031891
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027
https://www.samba.org/samba/history/samba-4.2.10.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2015-03-11T10:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2014-11-18T00:00:00

Link: CVE-2015-0005

JSON object: View

NVD Information

Status : Modified

Published: 2015-03-11T10:59:00.087

Modified: 2019-05-08T22:03:15.720

Link: CVE-2015-0005

JSON object: View

Redhat Information

No data.

CWE

CWE-254

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-10T00:00:00", "descriptions": [{"lang": "en", "value": "The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka \"NETLOGON Spoofing Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.samba.org/samba/history/samba-4.2.10.html"}, {"name": "1031891", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031891"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html"}, {"name": "20150310 [CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Mar/60"}, {"name": "MS15-027", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027"}, {"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2015-0005", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka \"NETLOGON Spoofing Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.samba.org/samba/history/samba-4.2.10.html", "refsource": "CONFIRM", "url": "https://www.samba.org/samba/history/samba-4.2.10.html"}, {"name": "1031891", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031891"}, {"name": "http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html"}, {"name": "20150310 [CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Mar/60"}, {"name": "MS15-027", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027"}, {"name": "http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation", "refsource": "MISC", "url": "http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2015-0005", "datePublished": "2015-03-11T10:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*", "matchCriteriaId": "32BCD530-F6E2-4F9B-AD4C-7DF2BED00296", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*", "matchCriteriaId": "A1318333-EF3A-4DBA-8DD7-367BF843F70D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*", "matchCriteriaId": "74B5E7C1-6C1D-4605-91CF-AF105EFA678D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka \"NETLOGON Spoofing Vulnerability.\""}, {"lang": "es", "value": "El servicio NETLOGON en Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 y R2 SP1, y Windows Server 2012 Gold y R2, cuando un controlador de dominios est\u00e1 configurado, permite a atacantes remotos falsificar el nombre del ordenador del endpoint de un canal seguro, y obtener informaci\u00f3n sensible, mediante el funcionamiento de una aplicaci\u00f3n manipulada y el aprovechamiento de la capacidad de capturar trafico de la red, tambi\u00e9n conocido como 'vulnerabilidad de falsificaci\u00f3n de NETLOGON.'"}], "id": "CVE-2015-0005", "lastModified": "2019-05-08T22:03:15.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-11T10:59:00.087", "references": [{"source": "secure@microsoft.com", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html"}, {"source": "secure@microsoft.com", "url": "http://seclists.org/fulldisclosure/2015/Mar/60"}, {"source": "secure@microsoft.com", "tags": ["Exploit"], "url": "http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1031891"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027"}, {"source": "secure@microsoft.com", "url": "https://www.samba.org/samba/history/samba-4.2.10.html"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}