
MS03-024: SMB Request Handler Buffer Overflow (817606)


CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.301

Percentile

97.0%

The remote host is affected by a vulnerability in its SMB stack that could allow an authenticated attacker to corrupt the memory of this host. This may result in execution of arbitrary code on this host, or an attacker may disable this host remotely. Note that this wording requires an authenticated attacker, whereas the CVSS2 vector shown above (AV:N/AC:L/Au:N) and the plugin's own base vectors (CVSS2 Au:N, CVSS3 PR:N) rate authentication as not required; treat the authentication requirement as unconfirmed until checked against the MS03-024 bulletin. Detection is a credentialed local check: the plugin compares the version of Srv.sys reached over an administrative share against the fixed builds, it does not send the malformed SMB request to the target.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 # Registration branch: Nessus evaluates the script once with `description`
 # set to collect plugin metadata; this branch only calls script_* functions
 # and exits, so the target is never contacted here.
 script_id(11787);
 script_version("1.52");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id("CVE-2003-0345");
 script_bugtraq_id(8152);
 script_xref(name:"MSFT", value:"MS03-024");
 script_xref(name:"CERT", value:"337764");
 script_xref(name:"MSKB", value:"817606");

 script_name(english:"MS03-024: SMB Request Handler Buffer Overflow (817606)");
 script_summary(english:"Checks for hotfix Q817606");

 script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host.");
 script_set_attribute(attribute:"description", value:
"The remote host is affected by a vulnerability in its SMB stack that
could allow an authenticated attacker to corrupt the memory of this
host.  This may result in execution of arbitrary code on this host, or
an attacker may disable this host remotely.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2003/ms03-024");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows NT, 2000, XP.");
 # NOTE(review): the description above says the attacker must be
 # authenticated, yet the CVSS2 vector below has Au:N and the CVSS3 vector
 # PR:N (no privileges required). One of the two is wrong; confirm against
 # the MS03-024 bulletin before relying on the 10.0 / 9.8 base scores.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
 script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
 # Exploit-availability metadata as last revised in 2018 (see script_cvs_date
 # above); it is a static attribute, not something the plugin verifies.
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2003/07/09");
 script_set_attribute(attribute:"patch_publication_date", value:"2003/07/09");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/07/10");

 # "local": the main body performs a credentialed Srv.sys file-version check
 # over an administrative share; it never sends the malformed SMB request.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 # The main body depends on the SMB hotfix enumeration and on the
 # bulletin-checks gate; it needs SMB (139/445) or a patch-management source.
 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

# Bail out unless the bulletin-checks gate plugin marked this host as eligible.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

# Identifiers shared by the patch-management check and the file-version checks.
bulletin = 'MS03-024';
kb = "817606";
kb_list = make_list(kb);

# If patch-management data exists for this host, let that check report first;
# the Srv.sys version comparison below remains the local fallback.
if (get_kb_item("Host/patch_management_checks"))
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kb_list, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

# Restrict to the service-pack ranges the bulletin covers (as the arguments
# read: NT up to SP6, 2000 up to SP3, XP SP0/SP1); anything else is audited
# as not vulnerable. audit() exits the script.
if (hotfix_check_sp_range(nt:'6', win2k:'3', xp:'0,1') <= 0)
  audit(AUDIT_OS_SP_NOT_VULN);

winroot = hotfix_get_systemroot();
if (!winroot) exit(1, "Failed to get the system root.");

# The version check reads Srv.sys through the administrative share that
# backs the system root, so that share must be reachable with the
# supplied credentials.
root_share = hotfix_path2share(path:winroot);
if (!is_accessible_share(share:root_share))
  audit(AUDIT_SHARE_FAIL, root_share);

# Compare the installed Srv.sys with the first fixed build per platform.
# Evaluation short-circuits: the first platform that matches decides.
srv_dir = "\system32\Drivers";
missing =
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"Srv.sys", version:"5.1.2600.1193",                                dir:srv_dir, bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:0, file:"Srv.sys", version:"5.1.2600.112",                                 dir:srv_dir, bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0",       file:"Srv.sys", version:"5.0.2195.6699",                                dir:srv_dir, bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"4.0",       file:"Srv.sys", version:"4.0.1381.7214",                                dir:srv_dir, bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"4.0",       file:"Srv.sys", version:"4.0.1381.33547", min_version:"4.0.1381.33000", dir:srv_dir, bulletin:bulletin, kb:kb);

# Patched (or no matching platform): close the file-check session and report
# the host as not affected. audit() exits, so nothing below runs.
if (!missing)
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

# Vulnerable build found: record the missing bulletin in the KB, emit the
# finding, then close the file-check session.
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
