Nessus Plugin #11146
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
Microsoft RDP flaws could allow sniffing and DOS(Q324380)
- Family: Windows : Microsoft Bulletins
- Category: infos
- Copyright: This script is Copyright (C) 2002 SECNAP Network Security, LLC
- Summary: Checks for MS Hotfix Q324380, Flaws in Microsoft RDP
- Version: $Revision: 1.9 $
- Cve_id: CAN-2002-0863
- Bugtraq_id: 5410, 5711, 5712
- Xrefs: -
- Description:
Remote Data Protocol (RDP) version 5.0 in Microsoft
Windows 2000 and RDP 5.1 in Windows XP does not
encrypt the checksums of plaintext session data,
which could allow a remote attacker to determine the
contents of encrypted sessions via sniffing, and
Remote Data Protocol (RDP) version 5.1 in Windows
XP allows remote attackers to cause a denial of
service (crash) when Remote Desktop is enabled via a
PDU Confirm Active data packet that does not set the
Pattern BLT command.
Impact of vulnerability: Two vulnerabilities:
information disclosure, denial of service.
Maximum Severity Rating: Moderate.
Recommendation: Administrators of Windows
2000 terminal servers and Windows XP users
who have enabled Remote Desktop should apply
the patch.
Affected Software:
Microsoft Windows 2000
Microsoft Windows XP
Solution : http://www.microsoft.com/technet/security/bulletin/ms02-051.mspx
Risk factor : High
Generated on 27.04.2005 at 18:49:54.