Microsoft Windows named pipe information disclosure

win-named-pipe-information-disclosure (19093)

The risk level is classified as Low Risk.

Description:

Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by improper validation of authentication data when a Named Pipe connection is used. If a user has an open connection to a shared resource, a remote attacker could send a specially-crafted request to obtain the victim's username.

Platforms Affected:

  • Microsoft, Windows XP SP1
  • Microsoft, Windows XP SP2
  • Microsoft, Windows XP SP1 64-bit

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-007. See References.

Consequences:

Obtain Information

References:

  • Microsoft Security Bulletin MS05-007, Vulnerability in Windows Could Allow Information Disclosure (888302) at http://www.microsoft.com/technet/security/bulletin/ms05-007.mspx.
  • BID-12486: Microsoft Windows Named Pipe Remote Information Disclosure Vulnerability
  • CVE-2005-0051: The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the Named Pipe Vulnerability.
  • SA14189: Windows Anonymous Named Pipe Connection Information Disclosure
  • SECTRACK ID: 1013112: Microsoft Windows XP Named Pipe Validation Error Lets Remote Users Obtain Information
  • US-CERT VU#939074: Microsoft Windows XP named pipe fails to restrict anonymous access

Reported:

Feb 08, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
