Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.SMB_NT_MS11-068.NASL
HistoryAug 09, 2011 - 12:00 a.m.

MS11-068: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)

2011-08-0900:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
7

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

12.8%

JSON

The remote host is running a Windows kernel version that is affected by a denial of service vulnerability involving the code that handles parsing file metadata when browsing a folder.

A remote attacker could exploit this issue by tricking a user into opening a folder containing a specially crafted file, resulting in a denial of service.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(55798);
  script_version("1.15");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2011-1971");
  script_bugtraq_id(48997);
  script_xref(name:"MSFT", value:"MS11-068");
  script_xref(name:"IAVB", value:"2011-B-0104");
  script_xref(name:"MSKB", value:"2556532");

  script_name(english:"MS11-068: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)");
  script_summary(english:"Checks version of Ntoskrnl.exe");

  script_set_attribute(attribute:"synopsis", value:
"The Windows kernel is affected by a vulnerability that could result in
a denial of service.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a Windows kernel version that is affected by
a denial of service vulnerability involving the code that handles
parsing file metadata when browsing a folder.

A remote attacker could exploit this issue by tricking a user into
opening a folder containing a specially crafted file, resulting in a
denial of service.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-068");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows Vista, 2008, 7,
and 2008 R2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/08/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/08/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");

  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");


get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS11-068';
kb = "2556532";

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(vista:'2', win7:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Windows 7 / Server 2008 R2
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Ntoskrnl.exe", version:"6.1.7601.21755", min_version:"6.1.7601.21000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Ntoskrnl.exe", version:"6.1.7601.17640", min_version:"6.1.7601.17000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Ntoskrnl.exe", version:"6.1.7600.20994", min_version:"6.1.7600.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:0, file:"Ntoskrnl.exe", version:"6.1.7600.16841", min_version:"6.1.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / Windows Server 2008
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Ntoskrnl.exe", version:"6.0.6002.22662", min_version:"6.0.6002.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Ntoskrnl.exe", version:"6.0.6002.18484", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

openvas 2
cvelist 1
nvd 1
symantec 1
seebug 1
checkpoint_advisories 1
prion 1
cve 1
securityvulns 1
openvas
openvas
Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
2011-08-11 00:00:00
Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
2011-08-11 00:00:00
cvelist
cvelist
CVE-2011-1971
2011-08-10 21:16:00
nvd
nvd
CVE-2011-1971
2011-08-10 21:55:01
symantec
symantec
Microsoft Windows Kernel CVE-2011-1971 Remote Denial of Service Vulnerability
2011-08-09 00:00:00
seebug
seebug
Microsoft Windows Kernel CVE-2011-1971θΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž
2011-08-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Visio UMLString Code Execution (MS11-060; CVE-2011-1971)
2011-08-09 00:00:00
prion
prion
Design/Logic Flaw
2011-08-10 21:55:00
cve
cve
CVE-2011-1971
2011-08-10 21:55:01
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2011-08-10 00:00:00

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

12.8%

JSON
Related for SMB_NT_MS11-068.NASL
openvas2cvelist1nvd1symantec1seebug1checkpoint_advisories1prion1cve1securityvulns1