CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
98.8%
The hotfix for the ‘RPC Endpoint Mapper Service on NT 4’ problem has not been applied.
Because the endpoint mapper runs within the RPC service itself, exploiting this vulnerability would cause the RPC service to fail, with the attendant loss of any RPC-based services the server offers, as well as potential loss of some COM functions. Normal service could be restored by rebooting the server.
#
# This script was written by Michael Scheidell <[email protected]>
# based on template from Renaud Deraison <[email protected]>
#
# See the Nessus Scripts License for details
#
# Changes by Tenable
# - Updated to use compat.inc, added CVSS score (11/20/2009)
include("compat.inc");
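# Plugin metadata. This branch runs only when `description` is set; it
# registers identifiers, scoring and dependencies, then exits before any of
# the check logic below the block is reached.
if (description)
{
  script_id(10806);
  script_version("1.41");
  script_cvs_date("Date: 2018/11/15 20:50:29");

  # Cross-references to the advisory this plugin tracks.
  script_cve_id("CVE-2001-0662");
  script_bugtraq_id(3313);
  script_xref(name:"MSFT", value:"MS01-048");
  script_xref(name:"MSKB", value:"305399");

  script_name(english:"MS01-048: RPC Endpoint Mapper Malformed Request DoS (305399)");
  # The check looks for the hotfix; it does not send a malformed request to the
  # endpoint mapper, so the RPC service on the target is not put at risk.
  script_summary(english:"Determines whether the hotfix Q305399 is installed");

  script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a denial of service vulnerability.");
  # Fixed wording: the first sentence previously repeated "has not been applied"
  # inside the quoted problem name, which made the finding hard to read.
  script_set_attribute(attribute:"description", value:
"The hotfix for the 'RPC Endpoint Mapper Service on NT 4' problem has
not been applied.
Because the endpoint mapper runs within the RPC service itself,
exploiting this vulnerability would cause the RPC service to
fail, with the attendant loss of any RPC-based services the server
offers, as well as potential loss of some COM functions. Normal
service could be restored by rebooting the server.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-048");
  script_set_attribute(attribute:"solution", value:"Microsoft has released a patch for Windows NT 4.0.");

  # Scoring: network-reachable, no authentication, availability impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2001/09/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2001/09/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2001/11/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2001-2018 Michael Scheidell");
  script_family(english:"Windows : Microsoft Bulletins");

  # Prerequisites: the hotfix inventory and the "bulletin checks possible"
  # gate must have run first. A host where neither SMB port nor a
  # patch-management source is available is presumably skipped, and so yields
  # no finding rather than a clean result - NOTE(review): confirm how the
  # engine reports that case.
  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");
  exit(0);
}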
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
# Check logic: report MS01-048 as missing when hotfix Q305399 is not recorded
# on an in-scope Windows NT host. Each prerequisite that is not met ends the
# script before a finding can be raised.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS01-048';
kb = "305399";
kbs = make_list(kb);

# When a patch-management source is configured, pass the bulletin/KB pair to
# the third-party hotfix check before the registry-based check.
if (get_kb_item("Host/patch_management_checks"))
{
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);
}

# The remaining steps need the registry enumeration and the Windows version
# in the knowledge base; a missing version exits with code 1.
get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

# NOTE(review): nt:7 presumably scopes the check to NT 4.0 below service
# pack 7 - confirm against smb_hotfixes.inc.
if (hotfix_check_sp(nt:7) <= 0)
{
  exit(0, "The host is not affected based on its version / service pack.");
}

# Guard clause: anything other than a positive "missing" result is treated as
# not affected. NOTE(review): that presumably includes an error return from
# hotfix_missing(), in which case an inconclusive check is reported as clean -
# confirm.
if (!(hotfix_missing(name:"Q305399") > 0))
{
  exit(0, "The host is not affected.");
}

# Hotfix missing: tag the report when the engine supports it, raise the
# warning, and record the missing bulletin in the knowledge base.
if (defined_func("report_xml_tag") && !isnull(bulletin) && !isnull(kb))
{
  report_xml_tag(tag:bulletin, value:kb);
}
hotfix_security_warning();
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
exit(0);