The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote malicious users to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows server 2008 |
||
microsoft windows xp |
||
microsoft windows server 2008 - |
||
microsoft windows xp - |
||
microsoft windows vista |
||
microsoft windows 2003 server - |
||
microsoft windows 2000 |
||
microsoft windows 7 - |
||
microsoft windows 2003 server |
Smells like 2010
Remote attackers can hose EMC hybrid flash storage thanks to cryptographic weaknesses. The patched vulnerability (CVE-2016-0917) affects EMC's VNX1, VNX2 and VNXe systems, including the end-of-life Celerra which will not receive a fix. EMC researchers wrote in a security notice that remote attackers could access the SMB service using administrator credentials by messing with authentication protocols such that duplicate cryptographic nonces are produced. "An unauthenticated remote attacker may po...