Signature Detail
Short Name |
SMB:ENUM:NETSESSION |
|---|---|
Severity |
Low |
Recommended |
No |
Category |
SMB |
Keywords |
NetSession Enumeration |
Release Date |
2005/02/07 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SMB: NetSession Enumeration
This signature detects connections to the NetSession Service. Without authenticating, attackers can use this service to determine who has connected to shares on a target host and thus gain resource permission information.
Extended Description
A remote information disclosure vulnerability affects Microsoft Windows. This issue is due to a failure of the application to securely store potentially sensitive system information. An attacker may leverage this issue to disclose the user names of all users connected to a network share, potentially facilitating further attacks against affected computers.
Affected Products
- Microsoft Windows XP 64-bit Edition SP1
- Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home SP2
- Microsoft Windows XP Home
- Microsoft Windows XP Media Center Edition SP1
- Microsoft Windows XP Media Center Edition SP2
- Microsoft Windows XP Media Center Edition
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional SP2
- Microsoft Windows XP Professional
- Microsoft Windows XP Tablet PC Edition SP1
- Microsoft Windows XP Tablet PC Edition SP2
- Microsoft Windows XP Tablet PC Edition
References
- BugTraq: 12486
- CVE: CVE-2005-0051
- URL: http://www.microsoft.com/technet/security/Bulletin/MS05-007.mspx