CVE-2005-1985
Description
The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
Patches
Vulnerability mechanics
Root cause
"An unchecked buffer in the Client Service for NetWare (CSNW) when processing crafted network messages allows memory corruption."
Attack vector
An anonymous remote attacker can send a specially crafted network message to a system running the Client Service for NetWare (CSNW) [ref_id=1]. The unchecked buffer in CSNW fails to validate the length of the message before passing it to the allocated buffer, leading to memory corruption [ref_id=1]. On most affected platforms, no authentication is required; on Windows Server 2003 SP1, the attacker must have valid logon credentials and local access [ref_id=1]. The vulnerability can be exploited over TCP ports 139 and 445, or over other installed protocols such as IPX/SPX [ref_id=1].
Affected code
The advisory does not specify particular function names or file paths. The vulnerable component is the Client Service for NetWare (CSNW), also called Gateway Service for NetWare on Windows 2000 Server [ref_id=1]. The advisory states the bug is an "unchecked buffer" in this service [ref_id=1].
What the fix does
The security update removes the vulnerability by modifying the way CSNW validates the length of a message before passing it to the allocated buffer [ref_id=1]. This ensures that crafted messages exceeding the buffer size are rejected rather than causing memory corruption. The advisory does not include a code-level patch diff, but describes the fix as a length-validation correction in the affected component [ref_id=1].
Preconditions
- config: Client Service for NetWare (CSNW) must be manually installed; it is not installed by default on any affected OS version [ref_id=1].
- network: Attacker must be able to send network messages to the affected system, typically over TCP ports 139 or 445, or over IPX/SPX if used [ref_id=1].
- auth: On Windows Server 2003 SP1, the attacker must have valid logon credentials and local access; on other platforms, no authentication is required [ref_id=1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- secunia.com/advisories/17165 (nvd)
- securitytracker.com/id (nvd)
- www.osvdb.org/19922 (nvd)
- www.securityfocus.com/bid/15066 (nvd)
- docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-046 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/21700 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1106 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1210 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1536 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1544 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A910 (nvd)