CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.0%
The remote host is affected by a vulnerability in its SMB stack that could allow an authenticated attacker to corrupt the memory of this host. This may result in execution of arbitrary code on this host, or an attacker may disable this host remotely.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
# Registration branch: when `description` is set, the script only declares its
# metadata (IDs, cross-references, scoring, dependencies) and exits with 0.
# None of the detection statements that follow this block are reached here.
if (description)
{
# Plugin identity and revision stamp.
script_id(11787);
script_version("1.52");
script_cvs_date("Date: 2018/11/15 20:50:29");
# Cross-references tying the finding to the CVE, Bugtraq, Microsoft bulletin,
# CERT and KB identifiers.
script_cve_id("CVE-2003-0345");
script_bugtraq_id(8152);
script_xref(name:"MSFT", value:"MS03-024");
script_xref(name:"CERT", value:"337764");
script_xref(name:"MSKB", value:"817606");
script_name(english:"MS03-024: SMB Request Handler Buffer Overflow (817606)");
script_summary(english:"Checks for hotfix Q817606");
script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host.");
# NOTE(review): the description below says an *authenticated* attacker is
# required, while the CVSS2 base vector declares Au:N and the CVSS3 vector
# declares PR:N. Confirm against the MS03-024 bulletin which one is intended
# before relying on the score for prioritisation.
script_set_attribute(attribute:"description", value:
"The remote host is affected by a vulnerability in its SMB stack that
could allow an authenticated attacker to corrupt the memory of this
host. This may result in execution of arbitrary code on this host, or
an attacker may disable this host remotely.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2003/ms03-024");
script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows NT, 2000, XP.");
# Scoring as declared by the plugin: full C/I/A impact in both CVSS2 and CVSS3.
# The temporal vectors mark the exploit as unproven (E:U) with an official fix.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
# Exploit-availability attributes are static strings fixed when the plugin was
# last revised (see script_cvs_date above); they are not refreshed at scan time.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2003/07/09");
script_set_attribute(attribute:"patch_publication_date", value:"2003/07/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/07/10");
# plugin_type "local": presumably marks a check that reads host state (hotfix
# and file data) rather than probing the SMB flaw itself. This matches the
# file-version comparison in the detection code, but confirm the exact meaning.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
script_family(english:"Windows : Microsoft Bulletins");
# Scheduling prerequisites: two dependency scripts, one required KB key, and
# ports 139/445. 'Host/patch_management_checks' is listed alongside the ports,
# presumably so the plugin can run on patch-management data alone. TODO confirm.
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 'Host/patch_management_checks');
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
# Detection logic for MS03-024 / KB817606: decides from the Srv.sys file
# version whether the hotfix is missing. Statement order matters, because
# several of these calls exit the script when a prerequisite is absent.

# Gate: stop unless an earlier script recorded that bulletin checks are possible.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS03-024';
kb = "817606";
kbs = make_list(kb);
# When patch-management data is present, hand the bulletin and KB list to the
# third-party check. NOTE(review): whether hotfix_check_3rd_party() returns or
# exits is not visible in this file; confirm in smb_hotfixes.inc.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
# The file check needs the registry to have been enumerated and a known
# Windows version; a missing version exits with code 1.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
# Scope filter: presumably service-pack levels per OS (NT '6', Windows 2000 '3',
# XP '0,1'). A result <= 0 audits out as "not vulnerable" on OS/SP alone, before
# any file is inspected, so coverage is only as complete as this table.
if (hotfix_check_sp_range(nt:'6', win2k:'3', xp:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
# Locate the system root and the share that exposes it. If the share cannot be
# accessed, the script audits out with AUDIT_SHARE_FAIL rather than reporting
# a finding, so that outcome says nothing about patch state.
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
# Compare \system32\Drivers\Srv.sys against one reference version per OS:
# 5.1 SP1, 5.1 SP0, 5.0, and two 4.0 entries. The second 4.0 entry carries a
# min_version, presumably to cover a separate build branch. TODO confirm.
# hotfix_is_vulnerable() presumably returns true when the installed file is
# older than the given version; verify in smb_hotfixes_fcheck.inc.
if (
hotfix_is_vulnerable(os:"5.1", sp:1, file:"Srv.sys", version:"5.1.2600.1193", dir:"\system32\Drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.1", sp:0, file:"Srv.sys", version:"5.1.2600.112", dir:"\system32\Drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.0", file:"Srv.sys", version:"5.0.2195.6699", dir:"\system32\Drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"4.0", file:"Srv.sys", version:"4.0.1381.7214", dir:"\system32\Drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"4.0", file:"Srv.sys", version:"4.0.1381.33547", min_version:"4.0.1381.33000", dir:"\system32\Drivers", bulletin:bulletin, kb:kb)
)
{
# Missing patch: record "SMB/Missing/MS03-024" in the KB, raise the finding,
# then call the file-check teardown before exiting.
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
# No comparison matched: call the file-check teardown and audit the host as
# not affected.
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}