CERTA-2000-AVI-017

Vulnerability from certfr_avis - Published: - Updated:

Windows 2000 serveur offre un service Telnet qui, par défaut, n'est pas activé lors de l'installation de Windows.

Une vulnérabilité permettant à un utilisateur mal intentionné de bloquer ce service a été décelée et corrigée.

Description

Une erreur d'implémentation du service Telnet de windows 2000 serveur permet à un utilisateur mal intentionné de le bloquer à distance grâce à une manipulation simple des données transmises à ce service.

Ce service n'est pas démarré par défaut lors de l'installation de Windows 2000 Serveur.

Solution

Microsoft propose un correctif à l'adresse suivante :

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22753

Windows 2000 Serveur.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eWindows 2000 Serveur.\u003c/P\u003e",
  "content": "## Description\n\nUne erreur d\u0027impl\u00e9mentation du service Telnet de windows 2000 serveur\npermet \u00e0 un utilisateur mal intentionn\u00e9 de le bloquer \u00e0 distance gr\u00e2ce \u00e0\nune manipulation simple des donn\u00e9es transmises \u00e0 ce service.\n\nCe service n\u0027est pas d\u00e9marr\u00e9 par d\u00e9faut lors de l\u0027installation de\nWindows 2000 Serveur.\n\n## Solution\n\nMicrosoft propose un correctif \u00e0 l\u0027adresse suivante :\n\n    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22753\n",
  "cves": [],
  "links": [
    {
      "title": "La FAQ de microsoft :",
      "url": "http://www.microsoft.com/technet/security/bulletin/fq00-050.asp"
    },
    {
      "title": "Le bulletin de s\u00e9curit\u00e9 de Microsoft :",
      "url": "http://www.microsoft.com/technet/security/bulletin/ms00-050.asp"
    }
  ],
  "reference": "CERTA-2000-AVI-017",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2000-07-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Windows 2000 serveur offre un service Telnet qui, par d\u00e9faut, n\u0027est pas\nactiv\u00e9 lors de l\u0027installation de Windows.\n\nUne vuln\u00e9rabilit\u00e9 permettant \u00e0 un utilisateur mal intentionn\u00e9 de bloquer\nce service a \u00e9t\u00e9 d\u00e9cel\u00e9e et corrig\u00e9e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du service Telnet sous Windows 2000",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de Microsoft",
      "url": null
    },
    {
      "published_at": null,
      "title": "Avis du CERT IST",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.