Lucene search

[email protected]CVE-2005-3177

HistoryOct 06, 2005 - 10:02 a.m.

CVE-2005-3177

2005-10-0610:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

chkdsk

microsoft windows

update rollup 1

sp4

windows xp

windows server 2003

security descriptors

ntfs conventions

acls

nvd

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

24.9%

JSON

CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.

CPENameOperatorVersion
microsoft:windows_2003_servermicrosoft windows 2003 servereqr2
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_2003_server	microsoft windows 2003 server	eq	r2
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*

References

support.microsoft.com/kb/831374

support.microsoft.com/kb/831375

support.microsoft.com/kb/900345

7.4 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

24.9%

JSON