Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2020 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS08-030.NASL
HistoryJun 11, 2008 - 12:00 a.m.

MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)

2008-06-1100:00:00
This script is Copyright (C) 2008-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
JSON

The remote host contains a version of the Windows Bluetooth stack that is affected by a security flaw in the service description request handle which could allow a remote attacker to execute code with SYSTEM privileges.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(33132);
 script_version("1.28");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/05");

  script_cve_id("CVE-2008-1453");
 script_bugtraq_id(29522);
 script_xref(name:"MSFT", value:"MS08-030");
 script_xref(name:"MSKB", value:"951376");
 script_xref(name:"IAVB", value:"2008-B-0049-S");

 script_name(english:"MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)");
 script_summary(english:"Checks MS patch 951376");

 script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host through Bluetooth.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of the Windows Bluetooth stack that
is affected by a security flaw in the service description request handle
which could allow a remote attacker to execute code with SYSTEM
privileges.");
  # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-030
  script_set_attribute(attribute:"see_also", value:"https://www.nessus.org/u?a170245e");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows XP and Vista.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-1453");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20);

 script_set_attribute(attribute:"vuln_publication_date", value:"2008/06/10");
 script_set_attribute(attribute:"patch_publication_date", value:"2008/06/10");
 script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/11");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_set_attribute(attribute:"stig_severity", value:"I");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2008-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS08-030';
kb = '951376';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(xp:'2,3', vista:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"6.0", sp:1, file:"Bthport.sys", version:"6.0.6001.22168", min_version:"6.0.6001.20000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:1, file:"Bthport.sys", version:"6.0.6001.18064", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"Bthport.sys", version:"6.0.6000.20824", min_version:"6.0.6000.20000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"Bthport.sys", version:"6.0.6000.16682", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||

  hotfix_is_vulnerable(os:"5.1", sp:3, file:"Bthport.sys", version:"5.1.2600.5620", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Bthport.sys", version:"5.1.2600.3389", dir:"\system32\drivers", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

openvas 2
prion 1
securityvulns 2
seebug 1
cve 1
openvas
openvas
Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
2008-09-30 00:00:00
Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
2008-09-30 00:00:00
prion
prion
Code injection
2008-06-12 02:32:00
securityvulns
securityvulns
Microsoft Security Bulletin MS08-030 – Critical Vulnerability in Bluetooth Stack Could Allow Remote Code Execution &#40;951376&#41;
2008-06-11 00:00:00
Microsoft Wndows Bluetooth stack code execution
2008-06-11 00:00:00
seebug
seebug
Microsoft Windows蓝牙栈远程代码执行漏洞(MS08-030)
2008-06-12 00:00:00
cve
cve
CVE-2008-1453
2008-06-12 02:32:00
JSON
Related for SMB_NT_MS08-030.NASL
openvas2prion1securityvulns2seebug1cve1