Lucene search
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.SMB_NT_MS03-034.NASLHistoryFeb 03, 2005 - 12:00 a.m.
MS03-034: NetBIOS Name Service Reply Information Leakage (824105) (credentialed check)
2005-02-0300:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
37
The remote host is running a version of the NetBT name service that suffers from a memory disclosure problem.
An attacker could send a special packet to the remote NetBT name service, and the reply will contain random arbitrary data from the remote host memory. This arbitrary data may be a fragment from the web page the remote user is viewing, or something more serious like a POP password or anything else.
An attacker may use this flaw to continuously ‘poll’ the content of the memory of the remote host and might be able to obtain sensitive information.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(16299);
script_version("1.33");
script_cvs_date("Date: 2018/11/15 20:50:29");
script_cve_id("CVE-2003-0661");
script_bugtraq_id(8532);
script_xref(name:"MSFT", value:"MS03-034");
script_xref(name:"MSKB", value:"824105");
script_name(english:"MS03-034: NetBIOS Name Service Reply Information Leakage (824105) (credentialed check)");
script_summary(english:"Checks the remote registry for MS03-034");
script_set_attribute(attribute:"synopsis", value:
"Random portions of memory may be disclosed thru the NetBIOS name
service.");
script_set_attribute(attribute:"description", value:
"The remote host is running a version of the NetBT name service that
suffers from a memory disclosure problem.
An attacker could send a special packet to the remote NetBT name
service, and the reply will contain random arbitrary data from the
remote host memory. This arbitrary data may be a fragment from the web
page the remote user is viewing, or something more serious like a POP
password or anything else.
An attacker may use this flaw to continuously 'poll' the content of the
memory of the remote host and might be able to obtain sensitive
information.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2003/ms03-034");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows NT, 2000, XP and
2003.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2003/09/03");
script_set_attribute(attribute:"patch_publication_date", value:"2003/09/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
script_family(english:"Windows : Microsoft Bulletins");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 'Host/patch_management_checks');
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS03-034';
kb = '824105';
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_NOTE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(nt:'6', win2k:'3,4', xp:'0,1', win2003:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
hotfix_is_vulnerable(os:"5.2", sp:0, file:"Netbt.sys", version:"5.2.3790.69", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.1", sp:1, file:"Netbt.sys", version:"5.1.2600.1243", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.1", sp:0, file:"Netbt.sys", version:"5.1.2600.117", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.0", file:"Netbt.sys", version:"5.0.2195.6783", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"4.0", file:"Netbt.sys", version:"4.0.1381.7224", dir:"\system32\drivers", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_note();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
Related
securityvulns
securityvulns
Microsoft Security Bulletin MS03-042
2003-10-16 00:00:00
openvas
openvas
Microsoft MS03-034 security check
2009-03-16 00:00:00
Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)
2005-11-03 00:00:00
nessus
nessus
cert
cert
cve
cve
CVE-2003-0661
2003-10-20 04:00:00
Related for SMB_NT_MS03-034.NASL