CVE-2005-3177 — Microsoft Windows 2003 Server vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

1.1%

top 22.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedOct 6

Latest updateMay 1

Description

CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_serverr2

Patches

Patch: support.microsoft.com ↗Patch: support.microsoft.com ↗Patch: support.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-j398-8rpx-rmjh: CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly hand↗2022-05-01

▶

CVEList

CVE-2005-3177: CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly hand↗2005-10-06

▶