Lucene search
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.SMB_NT_MS11-019.NASLHistoryApr 13, 2011 - 12:00 a.m.
MS11-019: Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
2011-04-1300:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
73
The version of the SMB client software installed on the remote Windows host may be affected by multiple vulnerabilities which could allow an attacker to execute arbitrary code on the remote host subject to the privileges of the user running the affected software.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(53376);
script_version("1.20");
script_cvs_date("Date: 2018/11/15 20:50:30");
script_cve_id("CVE-2011-0654", "CVE-2011-0660");
script_bugtraq_id(46360, 47239);
script_xref(name:"CERT", value:"323172");
script_xref(name:"EDB-ID", value:"16166");
script_xref(name:"MSFT", value:"MS11-019");
script_xref(name:"MSKB", value:"2511455");
script_name(english:"MS11-019: Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)");
script_summary(english:"Checks version of Mrxsmb.sys");
script_set_attribute(
attribute:"synopsis",
value:
"Arbitrary code can be executed on the remote host through the installed
SMB client."
);
script_set_attribute(
attribute:"description",
value:
"The version of the SMB client software installed on the remote Windows
host may be affected by multiple vulnerabilities which could allow an
attacker to execute arbitrary code on the remote host subject to the
privileges of the user running the affected software.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-019");
script_set_attribute(
attribute:"solution",
value:
"Microsoft has released a set of patches for Windows XP, 2003, Vista,
2008, 7, and 2008 R2."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/14");
script_set_attribute(attribute:"patch_publication_date", value:"2011/04/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 'Host/patch_management_checks');
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS11-019';
kb = "2511455";
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'1,2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows 7 and Windows Server 2008 R2
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mrxsmb.sys", version:"6.1.7601.21666", min_version:"6.1.7601.20000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"Mrxsmb.sys", version:"6.1.7601.17565", min_version:"6.1.7601.16000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mrxsmb.sys", version:"6.1.7600.20907", min_version:"6.1.7600.20000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:0, file:"Mrxsmb.sys", version:"6.1.7600.16765", min_version:"6.1.7600.16000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
# Vista / Windows 2008
hotfix_is_vulnerable(os:"6.0", sp:2, arch:"x64", file:"Mrxsmb.sys", version:"6.0.6002.22592", min_version:"6.0.6002.22000", dir:"\System32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, arch:"x64", file:"Mrxsmb.sys", version:"6.0.6002.18407", min_version:"6.0.6002.18000", dir:"\System32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:1, arch:"x64", file:"Mrxsmb.sys", version:"6.0.6001.22857", min_version:"6.0.6001.22000", dir:"\System32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:1, arch:"x64", file:"Mrxsmb.sys", version:"6.0.6001.18602", min_version:"6.0.6001.18000", dir:"\System32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, arch:"x86", file:"Mrxsmb.sys", version:"6.0.6002.22594", min_version:"6.0.6002.22000", dir:"\System32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, arch:"x86", file:"Mrxsmb.sys", version:"6.0.6002.18409", min_version:"6.0.6002.18000", dir:"\System32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:1, arch:"x86", file:"Mrxsmb.sys", version:"6.0.6001.22859", min_version:"6.0.6001.22000", dir:"\System32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:1, arch:"x86", file:"Mrxsmb.sys", version:"6.0.6001.18604", min_version:"6.0.6001.18000", dir:"\System32\drivers", bulletin:bulletin, kb:kb) ||
# Windows 2003 / XP x64
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mrxsmb.sys", version:"5.2.3790.4833", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
# Windows XP x86
hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Mrxsmb.sys", version:"5.1.2600.6082", dir:"\system32\drivers", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
Related
openvas
openvas
Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
2011-04-13 00:00:00
Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
2011-04-13 00:00:00
checkpoint_advisories
checkpoint_advisories
seebug
seebug
Microsoft Windows SMBๅฎขๆท็ซฏ่ฟ็จไปฃ็ ๆง่กๆผๆด(MS11-019)
2011-04-15 00:00:00
cve
cve
CVE-2011-0660
2011-04-13 18:55:00
CVE-2011-0654
2011-02-16 01:00:00
prion
prion
Design/Logic Flaw
2011-04-13 18:55:00
Design/Logic Flaw
2011-02-16 01:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2011-04-17 00:00:00
Related for SMB_NT_MS11-019.NASL