nessusThis script is Copyright (C) 2001-2018 Michael ScheidellSMB_NT_MS01-048.NASL
HistoryNov 19, 2001 - 12:00 a.m.

MS01-048: RPC Endpoint Mapper Malformed Request DoS (305399)

2001-11-19 00:00:00
This script is Copyright (C) 2001-2018 Michael Scheidell
www.tenable.com
22

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.895

Percentile

98.8%

The hotfix for the ‘RPC Endpoint Mapper Service on NT 4’ problem has not been applied.

Because the endpoint mapper runs within the RPC service itself, exploiting this vulnerability would cause the RPC service to fail, with the attendant loss of any RPC-based services the server offers, as well as potential loss of some COM functions. Normal service could be restored by rebooting the server.

#
# This script was written by Michael Scheidell <[email protected]>
# based on template from Renaud Deraison <[email protected]>
#
# See the Nessus Scripts License for details
#

# Changes by Tenable
# - Updated to use compat.inc, added CVSS score (11/20/2009)

include("compat.inc");

# Registration phase: when `description` is set, the script only declares its
# metadata (identifiers, references, scoring, prerequisites) and then exits
# without running any check against the host.
if (description)
{
 # Plugin identity and revision. script_cvs_date records the last revision
 # of this metadata (2018/11/15).
 script_id(10806);
 script_version("1.41");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 # Cross-references: CVE, Bugtraq ID, Microsoft bulletin and KB article.
 script_cve_id("CVE-2001-0662");
 script_bugtraq_id(3313);
 script_xref(name:"MSFT", value:"MS01-048");
 script_xref(name:"MSKB", value:"305399");

 script_name(english:"MS01-048: RPC Endpoint Mapper Malformed Request DoS (305399)");
 script_summary(english:"Determines whether the hotfix Q305399 is installed");

 # Report text shown to the operator. The impact described is loss of the
 # RPC service (availability only) until the server is rebooted.
 script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a denial of service vulnerability.");
 script_set_attribute(attribute:"description", value:
"The hotfix for the 'RPC Endpoint Mapper Service on NT 4 has not been
applied' problem has not been applied.

Because the endpoint mapper runs within the RPC service itself,
exploiting this vulnerability would cause the RPC service to
fail, with the attendant loss of any RPC-based services the server
offers, as well as potential loss of some COM functions.  Normal
service could be restored by rebooting the server.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-048");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a patch for Windows NT 4.0.");
 # Scoring: both base vectors describe a network-reachable, unauthenticated
 # issue with availability impact only (CVSS2 A:P, CVSS3 A:L).
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 # Temporal vectors: E:U (exploit unproven), official fix available,
 # report confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
 script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
 # NOTE(review): the exploitability attributes below are static values fixed
 # at the plugin's last revision; re-check them against current intelligence
 # before using them to prioritise remediation.
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 # Disclosure and patch release share the same date; the plugin itself was
 # published about two months later.
 script_set_attribute(attribute:"vuln_publication_date", value:"2001/09/10");
 script_set_attribute(attribute:"patch_publication_date", value:"2001/09/10");
 script_set_attribute(attribute:"plugin_publication_date", value:"2001/11/19");

 # plugin_type "local": presumably the result comes from patch data read off
 # the host rather than from a network probe - confirm against the scanner
 # documentation.
 script_set_attribute(attribute:"plugin_type", value:"local");
 # The CPE is the generic Windows OS entry, although the solution text above
 # names only Windows NT 4.0.
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 # Declared as an information-gathering check.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2001-2018 Michael Scheidell");
 script_family(english:"Windows : Microsoft Bulletins");

 # Prerequisites: the two plugins named here are declared as dependencies,
 # the listed KB key is required, and the port requirement names SMB ports
 # 139/445 alongside the patch-management KB item.
 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, "Host/patch_management_checks");

 # End of registration: nothing below this block runs in description mode.
 exit(0);
}

include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

# Fetch the KB flag that says bulletin checks are possible on this host; the
# helper's name indicates it exits when the item is missing.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

# Bulletin and KB article identifiers reused for reporting further down.
bulletin = 'MS01-048';
kb = "305399";

# Single-element list, in the form hotfix_check_3rd_party() takes for kbs.
kbs = make_list(kb);
# When patch-management data is present for the host, pass the bulletin and
# KB list to hotfix_check_3rd_party() with warning severity.
# NOTE(review): that helper is defined in an include not shown here; it
# presumably reports and exits itself, otherwise execution continues into
# the checks below - confirm.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);


# Both KB items must already have been recorded by earlier plugins; a missing
# Windows version is requested with exit code 1 rather than the default.
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

# Version gate: stop with a "not affected" message unless hotfix_check_sp()
# returns a positive value for the nt:7 argument.
# NOTE(review): nt:7 presumably selects Windows NT 4.0 below a given service
# pack level - confirm in smb_hotfixes.inc.
if (hotfix_check_sp(nt:7) <= 0) exit(0, "The host is not affected based on its version / service pack.");


# Detection rests solely on whether hotfix Q305399 is reported missing.
# NOTE(review): this looks like a check of recorded patch state (the registry
# enumeration is required above), not of the RPC binaries themselves, so the
# result is only as reliable as that record - confirm how hotfix_missing()
# decides.
if (hotfix_missing(name:"Q305399") > 0)
{
  # Emit the bulletin/KB pair as an XML tag when the scanner provides
  # report_xml_tag(). bulletin and kb are assigned string literals earlier in
  # this script, so the isnull() guards hold on this path.
  if (
    defined_func("report_xml_tag") &&
    !isnull(bulletin) &&
    !isnull(kb)
  ) report_xml_tag(tag:bulletin, value:kb);

  # Raise the finding, then record the missing bulletin in the KB under
  # "SMB/Missing/<bulletin>".
  hotfix_security_warning();
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  exit(0);
}
# Hotfix not reported missing: exit with an explicit "not affected" message.
else exit(0, "The host is not affected.");

