CVE-2004-0567 - OpenCVE

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 2000 Windows 2003 Server Windows Nt

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_2000::sp3::::::*
	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_2003_server:64-bit:::::::*
	cpe:2.3:o:microsoft:windows_2003_server:r2:::::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:::::*
	cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:::::*

No data.

References

Link	Providers
http://secunia.com/advisories/13466
http://securitytracker.com/id?1012517
http://www.ciac.org/ciac/bulletins/p-054.shtml
http://www.kb.cert.org/vuls/id/378160
http://www.osvdb.org/12370
http://www.securityfocus.com/bid/11922
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/18259

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-12-31T05:00:00

Updated: 2024-08-08T00:24:26.555Z

Reserved: 2004-06-15T00:00:00

Link: CVE-2004-0567

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2019-04-30T14:27:13.913

Link: CVE-2004-0567

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-12-14T00:00:00", "descriptions": [{"lang": "en", "value": "The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an \"unchecked buffer\" and possibly triggers a buffer overflow, aka the \"Name Validation Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "13466", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/13466"}, {"name": "VU#378160", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/378160"}, {"name": "1012517", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1012517"}, {"name": "12370", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/12370"}, {"name": "wins-memory-pointer-hijack(18259)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18259"}, {"name": "11922", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11922"}, {"name": "P-054", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC"], "url": "http://www.ciac.org/ciac/bulletins/p-054.shtml"}, {"name": "MS04-045", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0567", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an \"unchecked buffer\" and possibly triggers a buffer overflow, aka the \"Name Validation Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "13466", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13466"}, {"name": "VU#378160", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/378160"}, {"name": "1012517", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1012517"}, {"name": "12370", "refsource": "OSVDB", "url": "http://www.osvdb.org/12370"}, {"name": "wins-memory-pointer-hijack(18259)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18259"}, {"name": "11922", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11922"}, {"name": "P-054", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/p-054.shtml"}, {"name": "MS04-045", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:24:26.555Z"}, "title": "CVE Program Container", "references": [{"name": "13466", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/13466"}, {"name": "VU#378160", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/378160"}, {"name": "1012517", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1012517"}, {"name": "12370", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/12370"}, {"name": "wins-memory-pointer-hijack(18259)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18259"}, {"name": "11922", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/11922"}, {"name": "P-054", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred"], "url": "http://www.ciac.org/ciac/bulletins/p-054.shtml"}, {"name": "MS04-045", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0567", "datePublished": "2004-12-31T05:00:00", "dateReserved": "2004-06-15T00:00:00", "dateUpdated": "2024-08-08T00:24:26.555Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "D2CA1674-A8A0-479A-9D80-344D3C563A24", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "matchCriteriaId": "BCC5E316-FB61-408B-BAA2-7FE03D581250", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "matchCriteriaId": "90CFA69B-7814-4F97-A14D-D76310065CF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an \"unchecked buffer\" and possibly triggers a buffer overflow, aka the \"Name Validation Vulnerability.\""}], "id": "CVE-2004-0567", "lastModified": "2019-04-30T14:27:13.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/13466"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1012517"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ciac.org/ciac/bulletins/p-054.shtml"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/378160"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/12370"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11922"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-045"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18259"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}