Lucene search
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.SMB_NT_MS11-065.NASLHistoryAug 09, 2011 - 12:00 a.m.
MS11-065: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
2011-08-0900:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
17
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS
0.964
Percentile
99.6%
A denial of service vulnerability exists in the implementation of the Remote Desktop Protocol (RDP) on the remote Windows host due to the way it accesses an object in memory that has been improperly initialized or has been deleted.
If RDP has been enabled on the affected system, an unauthenticated, remote attacker could leverage this vulnerability to cause the system to stop responding and automatically reboot by sending a sequence of specially crafted RDP packets to it.
Note that the Remote Desktop Protocol is not enabled by default.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(55795);
script_version("1.12");
script_cvs_date("Date: 2018/11/15 20:50:31");
script_cve_id("CVE-2011-1968");
script_bugtraq_id(48995);
script_xref(name:"MSFT", value:"MS11-065");
script_xref(name:"MSKB", value:"2570222");
script_name(english:"MS11-065: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)");
script_summary(english:"Checks version of Rdpwd.sys");
script_set_attribute(
attribute:"synopsis",
value:"The remote Windows host is susceptible to a denial of service attack."
);
script_set_attribute(
attribute:"description",
value:
"A denial of service vulnerability exists in the implementation of the
Remote Desktop Protocol (RDP) on the remote Windows host due to the way
it accesses an object in memory that has been improperly initialized or
has been deleted.
If RDP has been enabled on the affected system, an unauthenticated,
remote attacker could leverage this vulnerability to cause the system to
stop responding and automatically reboot by sending a sequence of
specially crafted RDP packets to it.
Note that the Remote Desktop Protocol is not enabled by default."
);
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-065");
script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows XP and 2003.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/09");
script_set_attribute(attribute:"patch_publication_date", value:"2011/08/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:remote_desktop_protocol");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 'Host/patch_management_checks');
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS11-065';
kb = "2570222";
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(xp:'3', win2003:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows 2003 / XP 64-bit
hotfix_is_vulnerable(os:"5.2", sp:2, file:"Rdpwd.sys", version:"5.2.3790.4881", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
# Windows XP 32-bit
hotfix_is_vulnerable(os:"5.1", sp:3, file:"Rdpwd.sys", version:"5.1.2600.6128", dir:"\system32\drivers", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
Related
checkpoint_advisories
checkpoint_advisories
prion
prion
Remote code execution
2011-08-10 21:55:00
openvas
openvas
Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)
2011-08-11 00:00:00
Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)
2011-08-11 00:00:00
cvelist
cvelist
CVE-2011-1968
2011-08-10 21:16:00
nvd
nvd
CVE-2011-1968
2011-08-10 21:55:01
symantec
symantec
seebug
seebug
Microsoft Windows 远程桌面协议CVE-2011-1968拒绝服务漏洞
2011-08-10 00:00:00
cve
cve
CVE-2011-1968
2011-08-10 21:55:01
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2011-08-10 00:00:00
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
EPSS
0.964
Percentile
99.6%
Related for SMB_NT_MS11-065.NASL