Lucene search
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.SMB_NT_MS05-011.NASLHistoryFeb 08, 2005 - 12:00 a.m.
MS05-011: Vulnerability in SMB may allow remote code execution (885250)
2005-02-0800:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
49
The remote version of Windows contains a flaw in the Server Message Block (SMB) implementation that could allow an attacker to execute arbitrary code on the remote host.
To exploit this flaw, an attacker would need to send malformed responses to the remote SMB client, and would be able to either execute arbitrary code on the remote host or to perform a denial of service.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(16326);
script_version("1.35");
script_cvs_date("Date: 2018/11/15 20:50:29");
script_cve_id("CVE-2005-0045");
script_bugtraq_id(12484);
script_xref(name:"MSFT", value:"MS05-011");
script_xref(name:"CERT", value:"652537");
script_xref(name:"EDB-ID", value:"1065");
script_xref(name:"MSKB", value:"885250");
script_name(english:"MS05-011: Vulnerability in SMB may allow remote code execution (885250)");
script_summary(english:"Determines if hotfix 885250 has been installed");
script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host.");
script_set_attribute(attribute:"description", value:
"The remote version of Windows contains a flaw in the Server Message
Block (SMB) implementation that could allow an attacker to execute
arbitrary code on the remote host.
To exploit this flaw, an attacker would need to send malformed responses
to the remote SMB client, and would be able to either execute arbitrary
code on the remote host or to perform a denial of service.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-011");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/08");
script_set_attribute(attribute:"patch_publication_date", value:"2005/02/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
script_family(english:"Windows : Microsoft Bulletins");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 'Host/patch_management_checks');
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS05-011';
kb = '885250';
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(win2k:'3,4', xp:'1,2', win2003:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
hotfix_is_vulnerable(os:"5.2", sp:0, file:"Mrxsmb.sys", version:"5.2.3790.252", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.1", sp:1, file:"Mrxsmb.sys", version:"5.1.2600.1620", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.1", sp:2, file:"Mrxsmb.sys", version:"5.1.2600.2598", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"5.0", file:"Mrxsmb.sys", version:"5.0.2195.7023", dir:"\system32\drivers", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
Related
canvas
canvas
Immunity Canvas: GAPPLE_CLIENT
2005-05-02 04:00:00
securityvulns
securityvulns
seebug
seebug
MS Windows (SMB) Transaction Response Handling Exploit (MS05-011)
2005-06-23 00:00:00
cert
cert
Microsoft Windows SMB packet validation vulnerability
2005-02-08 00:00:00
exploitpack
exploitpack
Microsoft Windows - SMB Transaction Response Handling (MS05-011)
2005-06-23 00:00:00
cve
cve
CVE-2005-0045
2005-05-02 04:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SMB Response Handling Buffer Overflow (CVE-2005-0045)
2013-09-09 00:00:00
exploitdb
exploitdb
Microsoft Windows - 'SMB' Transaction Response Handling (MS05-011)
2005-06-23 00:00:00
Related for SMB_NT_MS05-011.NASL