Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.SMB_NT_MS05-046.NASL
HistoryOct 11, 2005 - 12:00 a.m.

MS05-046: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)

2005-10-1100:00:00
This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
www.tenable.com
15
JSON

The remote host contains a version of the Client Service for NetWare that is vulnerable to a buffer overflow.

An attacker could exploit this flaw by connecting to the NetWare RPC service (possibly over IP) and trigger the overflow by sending a malformed RPC request.

#
# Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(19999);
 script_version("1.33");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id("CVE-2005-1985");
 script_bugtraq_id(15066);
 script_xref(name:"MSFT", value:"MS05-046");
 script_xref(name:"MSKB", value:"899589");

 script_name(english:"MS05-046: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)");
 script_summary(english:"Determines the presence of update 899589");

 script_set_attribute(attribute:"synopsis", value:
"A flaw in the client service for NetWare could allow an attacker to
execute arbitrary code on the remote host.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of the Client Service for NetWare
that is vulnerable to a buffer overflow.

An attacker could exploit this flaw by connecting to the NetWare RPC
service (possibly over IP) and trigger the overflow by sending a
malformed RPC request.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2005/ms05-046");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');

 script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/11");
 script_set_attribute(attribute:"patch_publication_date", value:"2005/10/11");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/11");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS05-046';
kb = '899589';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'4,5', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"5.2", sp:0, arch:"x86", file:"nwwks.dll", version:"5.2.3790.386", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:1, arch:"x86", file:"nwwks.dll", version:"5.2.3790.2506", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:1, file:"nwwks.dll", version:"5.1.2600.1727", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"nwwks.dll", version:"5.1.2600.2736", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0",       file:"nwwks.dll", version:"5.0.2195.7065", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

checkpoint_advisories 1
securityvulns 1
nessus 1
canvas 1
cve 1
checkpoint_advisories
checkpoint_advisories
Microsoft NetWare Client Service Crafted Message Code Execution (MS05-046; CVE-2005-1985)
2005-10-11 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS05-046 Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution &#40;899589&#41;
2005-10-12 00:00:00
nessus
nessus
MS05-046: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589) (uncredentialed check)
2005-10-11 00:00:00
canvas
canvas
Immunity Canvas: MS05_046
2005-10-13 10:02:00
cve
cve
CVE-2005-1985
2005-10-13 10:02:00
JSON
Related for SMB_NT_MS05-046.NASL
checkpoint_advisories1securityvulns1nessus1canvas1cve1