Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.SMB_NT_MS14-066.NASL
HistoryNov 12, 2014 - 12:00 a.m.

MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611)

2014-11-1200:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
433
JSON

The remote Windows host is affected by a remote code execution vulnerability due to improper processing of packets by the Secure Channel (Schannel) security package. An attacker can exploit this issue by sending specially crafted packets to a Windows server.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79127);
  script_version("1.12");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2014-6321");
  script_bugtraq_id(70954);
  script_xref(name:"CERT", value:"505120");
  script_xref(name:"MSFT", value:"MS14-066");
  script_xref(name:"MSKB", value:"2992611");

  script_name(english:"MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution (2992611)");
  script_summary(english:"Checks the version of Schannel.dll.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by a remote code execution
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is affected by a remote code execution
vulnerability due to improper processing of packets by the Secure
Channel (Schannel) security package. An attacker can exploit this
issue by sending specially crafted packets to a Windows server.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-066");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2003, Vista, 2008,
7, 2008 R2, 8, 2012, 8.1, and 2012 R2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS14-066';
kb  = "2992611";

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  # Windows 8.1 / Windows Server 2012 R2
  hotfix_is_vulnerable(os:"6.3", sp:0, file:"Schannel.dll", version:"6.3.9600.17385", min_version:"6.3.9600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 8 / Windows Server 2012
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"Schannel.dll", version:"6.2.9200.21241", min_version:"6.2.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"Schannel.dll", version:"6.2.9200.17124", min_version:"6.2.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 7 / Server 2008 R2
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Schannel.dll", version:"6.1.7601.22814", min_version:"6.1.7601.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Schannel.dll", version:"6.1.7601.18606", min_version:"6.1.7600.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / Windows Server 2008
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Schannel.dll", version:"6.0.6002.23555", min_version:"6.0.6002.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Schannel.dll", version:"6.0.6002.19247", min_version:"6.0.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows Server 2003
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Schannel.dll", version:"5.2.3790.5462", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

checkpoint_advisories 4
prion 1
openvas 1
f5 2
symantec 1
cvelist 1
cve 1
mskb 1
cert 1
threatpost 1
ibm 1
securityvulns 1
kaspersky 1
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SChannel Denial Of Service (MS14-066; CVE-2014-6321)
2014-11-25 00:00:00
Microsoft Windows Schannel Remote Code Execution - Ver2 (CVE-2014-6321)
2015-03-26 00:00:00
Microsoft Windows Schannel Remote Code Execution (MS14-066; CVE-2014-6321)
2014-11-11 00:00:00
prion
prion
Remote code execution
2014-11-11 22:55:00
openvas
openvas
Microsoft Windows Secure Channel Remote Code Execution Vulnerability (2992611)
2014-11-12 00:00:00
f5
f5
SOL16128 - Microsoft Schannel vulnerability CVE-2014-6321
2015-02-12 00:00:00
K16128 : Microsoft Schannel vulnerability CVE-2014-6321
2015-02-12 00:00:00
symantec
symantec
Microsoft Secure Channel CVE-2014-6321 Remote Code Execution Vulnerability
2014-11-11 00:00:00
cvelist
cvelist
CVE-2014-6321
2014-11-11 22:00:00
cve
cve
CVE-2014-6321
2014-11-11 22:55:00
mskb
mskb
MS14-066: Vulnerability in SChannel could allow remote code execution: November 11, 2014
2018-02-27 00:00:00
cert
cert
Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets
2014-11-13 00:00:00
threatpost
threatpost
Microsoft Schannel Bug Latest in Long Line of Serious Crypto Flaws
2014-11-12 08:02:21
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect IBM Security SiteProtector Appliance (CVE-2013-2566, CVE-2014-6321, CVE-2015-0162)
2018-06-16 21:23:20
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2015-08-24 00:00:00
kaspersky
kaspersky
KLA10601 Multiple vulnerabilities in Microsoft products
2014-11-11 00:00:00
JSON
Related for SMB_NT_MS14-066.NASL
checkpoint_advisories4prion1openvas1f52symantec1cvelist1cve1mskb1cert1threatpost1ibm1securityvulns1kaspersky1