Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.SMB_NT_MS06-063.NASL
HistoryOct 10, 2006 - 12:00 a.m.

MS06-063: Vulnerability in Server Service Could Allow Denial of Service (923414)

2006-10-1000:00:00
This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
www.tenable.com
30
JSON

The remote host has a memory corruption vulnerability in the ‘Server’ service that could allow an attacker to perform a denial of service against the remote host.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(22536);
 script_version("1.37");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 script_cve_id("CVE-2006-1314", "CVE-2006-1315", "CVE-2006-3942", "CVE-2006-4696");
 script_bugtraq_id(19215, 20373);
 script_xref(name:"TRA", value:"TRA-2006-01");
 script_xref(name:"CERT", value:"189140");
 script_xref(name:"MSFT", value:"MS06-063");
 script_xref(name:"MSKB", value:"923414");

 script_name(english:"MS06-063: Vulnerability in Server Service Could Allow Denial of Service (923414)");
 script_summary(english:"Determines the presence of update 923414");

 script_set_attribute(attribute:"synopsis", value:
"It is possible to crash the remote host due to a flaw in the 'server'
service.");
 script_set_attribute(attribute:"description", value:
"The remote host has a memory corruption vulnerability in the 'Server'
service that could allow an attacker to perform a denial of service
against the remote host.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-063");
 script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2006-01");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_cwe_id(20, 94);

 script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/11");
 script_set_attribute(attribute:"patch_publication_date", value:"2006/10/10");
 script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/10");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");
 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS06-063';
kb = '923414';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'4,5', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Srv.sys", version:"5.2.3790.588", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.2", sp:1, file:"Srv.sys", version:"5.2.3790.2783", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.1", sp:1, file:"Srv.sys", version:"5.1.2600.1885", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.1", sp:2, file:"Srv.sys", version:"5.1.2600.2974", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.0", file:"Srv.sys", version:"5.0.2195.7106", dir:"\system32\drivers", bulletin:bulletin, kb:kb) )
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();

  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

securityvulns 6
nessus 2
cve 5
coresecurity 1
prion 2
cert 3
checkpoint_advisories 4
securityvulns
securityvulns
Microsoft Security Bulletin MS06-063 Vulnerability in Server Service Could Allow Denial of Service &#40;923414&#41;
2006-10-11 00:00:00
Microsoft Security Bulletin MS06-035 Vulnerability in Server Service Could Allow Remote Code Execution &#40;917159&#41;
2006-07-11 00:00:00
Mailslot bug &#40;MS06-035&#41; vs non-Mailslot bug &#40;CVE-2006-3942&#41;
2006-08-16 00:00:00
nessus
nessus
MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check)
2006-07-12 00:00:00
MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159)
2006-07-11 00:00:00
cve
cve
CVE-2006-3942
2006-07-31 23:04:00
CVE-2006-4696
2006-10-10 22:07:00
CVE-2006-1314
2006-07-11 21:05:00
coresecurity
coresecurity
Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service
2016-05-18 00:00:00
prion
prion
Heap overflow
2006-07-11 21:05:00
Information disclosure
2006-07-11 21:05:00
cert
cert
Microsoft Server Service fails to properly handle network messages
2006-10-11 00:00:00
Microsoft Server Service Mailslot vulnerable to heap overflow
2006-07-11 00:00:00
Microsoft Server Service may disclose information used to store SMB traffic
2006-07-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows RASMAN Service Memory Corruption (MS06-025; CVE-2006-1314)
2006-07-18 00:00:00
MS-RPC Programs Lookup (CVE-2006-1314)
2006-07-18 00:00:00
Microsoft Server Service MailSlot Heap Overflow (MS06-035; CVE-2006-1314)
2006-09-21 00:00:00
JSON
Related for SMB_NT_MS06-063.NASL
securityvulns6nessus2cve5coresecurity1prion2cert3checkpoint_advisories4