| Definition Id: oval:org.mitre.oval:def:1962 |
Version: 3
Last Modified: 2007-05-07
|
| Title: |
Windows Server 2003 Negotiate Security Software Provider Denial of Service Vulnerability |
| Description: |
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection. |
| Family: |
windows |
Class: |
vulnerability |
| Status: |
ACCEPTED |
Reference(s): |
CVE-2004-0119
|
| Platform(s): |
Microsoft Windows Server 2003 |
Product(s): |
Negotiate Security Software Provider |
| Definition Synopsis: |
- Software section
- Windows Server 2003 is installed
- AND The version of ipnathlp.dll is less than 5.2.3790.142 and 64-bit or 32-bit version of Windows is installed
- The version of ipnathlp.dll is less than 5.2.3790.142 and a 64 bit version of Windows is installed
- OR The version of Ipnathlp.dll is less than 5.2.3790.142 and a 32-bit version of Windows is installed
- AND NOT the patch kb835732 is installed
- AND Configuration section
|
