Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability Network Vulnerability

Summary

The host is running SMB/NETBIOS and prone to authentication bypass Vulnerability

Impact

Successful exploitation could allow attackers to use shares to cause the system to crash. Impact Level: System

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. A workaround is to, - Disable null session login. - Remove the share. - Enable passwords on the share.

Insight

The flaw is due to an SMB share, allows full access to Guest users. If the Guest account is enabled, anyone can access the computer without a valid user account or password.

Affected

Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows NT

References

http://seclab.cs.ucdavis.edu/projects/testing/vulner/38.html
http://xforce.iss.net/xforce/xfdb/2

Updated on 2015-03-25

Severity

Classification

CVE CVE-1999-0519
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Stuxnet Detection
Microsoft .NET Framework 'RC4' Information Disclosure Vulnerability (2960358)
Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
Microsoft Windows Address Book Insecure Library Loading Vulnerability
Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability

Take action and discover your vulnerabilities