OpenCVE

The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 2003 Server Windows Server 2008 Windows Server 2012

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2::::datacenter:::
	cpe:2.3:o:microsoft:windows_server_2012:r2::::essentials:::
	cpe:2.3:o:microsoft:windows_server_2012:r2::::standard:::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html
http://seclists.org/fulldisclosure/2015/Mar/60
http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation
http://www.securitytracker.com/id/1031891
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027
https://www.samba.org/samba/history/samba-4.2.10.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2015-03-11T10:00:00

Updated: 2024-08-06T03:55:27.562Z

Reserved: 2014-11-18T00:00:00

Link: CVE-2015-0005

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-03-11T10:59:00.087

Modified: 2024-11-21T02:22:10.293

Link: CVE-2015-0005

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-10T00:00:00", "descriptions": [{"lang": "en", "value": "The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka \"NETLOGON Spoofing Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.samba.org/samba/history/samba-4.2.10.html"}, {"name": "1031891", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031891"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html"}, {"name": "20150310 [CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Mar/60"}, {"name": "MS15-027", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027"}, {"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2015-0005", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka \"NETLOGON Spoofing Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.samba.org/samba/history/samba-4.2.10.html", "refsource": "CONFIRM", "url": "https://www.samba.org/samba/history/samba-4.2.10.html"}, {"name": "1031891", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031891"}, {"name": "http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html"}, {"name": "20150310 [CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Mar/60"}, {"name": "MS15-027", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027"}, {"name": "http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation", "refsource": "MISC", "url": "http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:55:27.562Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.samba.org/samba/history/samba-4.2.10.html"}, {"name": "1031891", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031891"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html"}, {"name": "20150310 [CORE-2015-0005] - Windows Pass-Through Authentication Methods Improper Validation", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2015/Mar/60"}, {"name": "MS15-027", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2015-0005", "datePublished": "2015-03-11T10:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T03:55:27.562Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*", "matchCriteriaId": "32BCD530-F6E2-4F9B-AD4C-7DF2BED00296", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*", "matchCriteriaId": "A1318333-EF3A-4DBA-8DD7-367BF843F70D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*", "matchCriteriaId": "74B5E7C1-6C1D-4605-91CF-AF105EFA678D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka \"NETLOGON Spoofing Vulnerability.\""}, {"lang": "es", "value": "El servicio NETLOGON en Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 y R2 SP1, y Windows Server 2012 Gold y R2, cuando un controlador de dominios est\u00e1 configurado, permite a atacantes remotos falsificar el nombre del ordenador del endpoint de un canal seguro, y obtener informaci\u00f3n sensible, mediante el funcionamiento de una aplicaci\u00f3n manipulada y el aprovechamiento de la capacidad de capturar trafico de la red, tambi\u00e9n conocido como 'vulnerabilidad de falsificaci\u00f3n de NETLOGON.'"}], "id": "CVE-2015-0005", "lastModified": "2024-11-21T02:22:10.293", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-11T10:59:00.087", "references": [{"source": "secure@microsoft.com", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html"}, {"source": "secure@microsoft.com", "url": "http://seclists.org/fulldisclosure/2015/Mar/60"}, {"source": "secure@microsoft.com", "tags": ["Exploit"], "url": "http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1031891"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027"}, {"source": "secure@microsoft.com", "url": "https://www.samba.org/samba/history/samba-4.2.10.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/130773/Windows-Pass-Through-Authentication-Methods-Improper-Validation.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2015/Mar/60"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.coresecurity.com/advisories/windows-pass-through-authentication-methods-improper-validation"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031891"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-027"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.samba.org/samba/history/samba-4.2.10.html"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}