Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.SMB_NT_MS05-042.NASL
HistoryAug 09, 2005 - 12:00 a.m.

MS05-042: Vulnerability in Kerberos Could Allow Denial of Service, Information Disclosure and Spoofing (899587)

2005-08-0900:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
11
JSON

The remote host contains a version of the Kerberos protocol that contains multiple security flaws that could allow an attacker to crash the remote service (AD), disclose information or spoof a session.

An attacker would need valid credentials to exploit these flaws.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(19405);
 script_version("1.34");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id("CVE-2005-1981", "CVE-2005-1982");
 script_bugtraq_id (14519, 14520);
 script_xref(name:"MSFT", value:"MS05-042");
 script_xref(name:"CERT", value:"477341");
 script_xref(name:"CERT", value:"610133");
 script_xref(name:"MSKB", value:"899587");

 script_name(english:"MS05-042: Vulnerability in Kerberos Could Allow Denial of Service, Information Disclosure and Spoofing (899587)");
 script_summary(english:"Determines the presence of update 899587");

 script_set_attribute(attribute:"synopsis", value:
"It is possible to crash the remote service or disclose information.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of the Kerberos protocol that
contains multiple security flaws that could allow an attacker to crash
the remote service (AD), disclose information or spoof a session.

An attacker would need valid credentials to exploit these flaws.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-042");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/09");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/08/09");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/09");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS05-042';
kb = '899587';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'4', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.2", sp:0, file:"kerberos.dll", version:"5.2.3790.347", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:1, file:"kerberos.dll", version:"5.2.3790.2464", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"kerberos.dll", version:"5.1.2600.1701", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"kerberos.dll", version:"5.1.2600.2698", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", sp:4, file:"kerberos.dll", version:"5.0.2195.7053", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

securityvulns 1
cert 2
cve 2
cvelist 2
securityvulns
securityvulns
Microsoft Security Bulletin MS05-042 Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing &#40;899587&#41;
2005-08-09 00:00:00
cert
cert
Microsoft PKINIT smart card logon vulnerable to information disclosure and spoofing
2005-11-09 00:00:00
Microsoft Windows domain controller denial of service in Kerberos message handling
2005-08-10 00:00:00
cve
cve
CVE-2005-1982
2005-08-10 04:00:00
CVE-2005-1981
2005-08-10 04:00:00
cvelist
cvelist
CVE-2005-1982
2005-08-10 04:00:00
CVE-2005-1981
2005-08-10 04:00:00
JSON
Related for SMB_NT_MS05-042.NASL
securityvulns1cert2cve2cvelist2