Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2002-2018 Tenable Network Security, Inc.SMB_NT_MS02-018.NASL
HistoryApr 23, 2002 - 12:00 a.m.

MS02-018: Cumulative Patch for Internet Information Services (327696)

2002-04-2300:00:00
This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
www.tenable.com
33
JSON

The remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(10943);
 script_version("1.60");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id(
   "CVE-2002-0071",
   "CVE-2002-0147",
   "CVE-2002-0149",
   "CVE-2002-0150",
   "CVE-2002-0224",
   "CVE-2002-0869",
   "CVE-2002-1180",
   "CVE-2002-1181",
   "CVE-2002-1182"
 );
 script_bugtraq_id(4006, 4474, 4476, 4478, 4490, 6069, 6070, 6071, 6072);
  script_xref(name:"CERT", value:"610291");
  script_xref(name:"CERT", value:"669779");
  script_xref(name:"CERT", value:"454091");
  script_xref(name:"CERT", value:"721963");
  script_xref(name:"CERT", value:"363715");
  script_xref(name:"CERT", value:"521059");
  script_xref(name:"CERT", value:"412203");
  script_xref(name:"CERT", value:"883091");
  script_xref(name:"CERT", value:"886699");
  script_xref(name:"MSFT", value:"MS02-018");
  script_xref(name:"MSFT", value:"MS02-062");
  script_xref(name:"MSKB", value:"319733");

 script_name(english:"MS02-018: Cumulative Patch for Internet Information Services (327696)");
 script_summary(english:"Determines whether October 30, 2002 IIS Cumulative patches (Q327696) are installed");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the web
server.");
 script_set_attribute(attribute:"description", value:
"The remote version of Windows contains multiple flaws in the Internet
Information Service (IIS), such as heap overflow, DoS, and XSS that
could allow an attacker to execute arbitrary code on the remote host
with SYSTEM privileges.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-018");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-062");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for IIS 4.0, 5.0, 5.1.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
 script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'MS02-018 Microsoft IIS 4.0 .HTR Path Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

 script_set_attribute(attribute:"vuln_publication_date", value:"2002/01/31");
 script_set_attribute(attribute:"patch_publication_date", value:"2002/04/10");
 script_set_attribute(attribute:"plugin_publication_date", value:"2002/04/23");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:iis");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS02-018';
kb = '319733';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(nt:'6', win2k:'1,2', xp:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_iis_installed() <= 0) audit(AUDIT_NOT_INST, "IIS");

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.1", sp:0, file:"W3svc.dll", version:"5.1.2600.1125", dir:"\system32\inetsrv", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"W3svc.dll", version:"5.0.2195.5995", dir:"\system32\inetsrv", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"4.0", file:"W3svc.dll", version:"4.2.780.1", dir:"\system32\inetsrv", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
microsoftiiscpe:/a:microsoft:iis

Related

openvas 5
nessus 5
securityvulns 4
cisco 1
cert 4
cve 9
checkpoint_advisories 2
openvas
openvas
Cumulative Patch for Internet Information Services (Q327696)
2005-11-03 00:00:00
Cumulative Patch for Internet Information Services (Q327696)
2005-11-03 00:00:00
MSDTC denial of service by flooding with nul bytes
2005-11-03 00:00:00
nessus
nessus
Microsoft IIS ASP ISAPI Filter Multiple Overflows
2002-04-10 00:00:00
Microsoft IIS .HTR ISAPI Filter Enabled
2002-04-10 00:00:00
MS02-018: Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS (319733) (intrusive check)
2002-04-20 00:00:00
securityvulns
securityvulns
Advisory CA-2002-09 Multiple Vulnerabilities in Microsoft IIS
2002-04-12 00:00:00
Multiple Remote Vulnerabilities in Microsoft IIS
2002-04-11 00:00:00
KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
2002-04-11 00:00:00
cisco
cisco
Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
2002-04-15 18:00:00
cert
cert
Microsoft Internet Information Server (IIS) buffer overflow in server-side includes (SSI) containing long invalid file name
2002-04-10 00:00:00
Microsoft Internet Information Server (IIS) vulnerable to heap overflow during processing of crafted ".htr" request by "ISM.DLL" ISAPI filter
2002-04-10 00:00:00
Microsoft Internet Information Server (IIS) vulnerable to buffer overflow via inaccurate checking of delimiters in HTTP header fields
2002-04-10 00:00:00
cve
cve
CVE-2002-0149
2002-04-22 04:00:00
CVE-2002-0869
2002-11-12 05:00:00
CVE-2002-0150
2002-04-22 04:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft IIS HTR Request Buffer Overflow (CVE-2002-0071)
2007-01-01 00:00:00
Microsoft IIS HTR Request Buffer Overflow - Ver2 (CVE-2002-0071)
2015-03-26 00:00:00
JSON
Related for SMB_NT_MS02-018.NASL
openvas5nessus5securityvulns4cisco1cert4cve9checkpoint_advisories2