Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.SMB_NT_MS14-070.NASL
HistoryNov 12, 2014 - 12:00 a.m.

MS14-070: Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)

2014-11-1200:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
72
JSON

The remote Windows host is affected by an elevation of privilege vulnerability due to the Windows TCP/IP stack improperly handling objects in memory during input/output control (IOCTL) processing. An attacker can exploit this vulnerability by running specially crafted applications after logging into the system.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79130);
  script_version("1.14");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2014-4076");
  script_bugtraq_id(70976);
  script_xref(name:"EDB-ID", value:"35936");
  script_xref(name:"MSFT", value:"MS14-070");
  script_xref(name:"MSKB", value:"2989935");
  script_xref(name:"IAVA", value:"2014-A-0174");

  script_name(english:"MS14-070: Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)");
  script_summary(english:"Checks version of tcpip.sys.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by an elevation of privilege
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is affected by an elevation of privilege
vulnerability due to the Windows TCP/IP stack improperly handling
objects in memory during input/output control (IOCTL) processing. An
attacker can exploit this vulnerability by running specially crafted
applications after logging into the system.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-070");
  script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for Windows 2003.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MS14-070 Windows tcpip!SetAddrOptions NULL Pointer Dereference');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "os_fingerprint.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS14-070';
kb = "2989935";

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
product = get_kb_item_or_exit("SMB/ProductName", exit_code:1);

# Note this will pickup XP 64 (ignored below)
if (hotfix_check_sp_range(win2003:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# 2003 only (no XP)
if ("2003" >!< product) audit(AUDIT_OS_SP_NOT_VULN);

if (
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"tcpip.sys", version:"5.2.3790.5440", dir:"\System32\drivers", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();

  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

zdt 3
cvelist 1
korelogic 1
prion 1
securityvulns 2
packetstorm 2
exploitpack 2
canvas 1
cve 1
checkpoint_advisories 1
symantec 1
openvas 1
exploitdb 2
kaspersky 1
zdt
zdt
Windows 2k3 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Exploit
2015-08-15 00:00:00
Windows tcpip.sys Arbitrary Write Privilege Escalation Exploit
2015-02-06 00:00:00
Microsoft Windows Server 2003 SP2 - Privilege Escalation Exploit
2015-01-29 00:00:00
cvelist
cvelist
CVE-2014-4076
2014-11-11 22:00:00
korelogic
korelogic
Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation
2015-01-28 00:00:00
prion
prion
Privilege escalation
2014-11-11 22:55:00
securityvulns
securityvulns
KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation
2015-02-02 00:00:00
Microsoft Windows multiple security vulnerabilities
2015-08-24 00:00:00
packetstorm
packetstorm
Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation
2015-01-29 00:00:00
Windows tcpip.sys Arbitrary Write Privilege Escalation
2015-02-05 00:00:00
exploitpack
exploitpack
Microsoft Windows Server 2003 SP2 - Local Privilege Escalation (MS14-070)
2015-01-29 00:00:00
Microsoft Windows Server 2003 SP2 - TCPIP IOCTL Privilege Escalation (MS14-070)
2015-08-12 00:00:00
canvas
canvas
Immunity Canvas: MS14_070
2014-11-11 22:55:00
cve
cve
CVE-2014-4076
2014-11-11 22:55:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows TCP/IP IOCTL Processing Elevation of Privilege (MS14-070; CVE-2014-4076)
2014-11-11 00:00:00
symantec
symantec
Microsoft Windows TCP/IP CVE-2014-4076 Local Privilege Escalation Vulnerability
2014-11-11 00:00:00
openvas
openvas
Microsoft Windows TCP/IP Privilege Elevation Vulnerability (2989935)
2014-11-12 00:00:00
exploitdb
exploitdb
Microsoft Windows Server 2003 SP2 - Local Privilege Escalation (MS14-070)
2015-01-29 00:00:00
Microsoft Windows Server 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070)
2015-08-12 00:00:00
kaspersky
kaspersky
KLA10601 Multiple vulnerabilities in Microsoft products
2014-11-11 00:00:00
JSON
Related for SMB_NT_MS14-070.NASL
zdt3cvelist1korelogic1prion1securityvulns2packetstorm2exploitpack2canvas1cve1checkpoint_advisories1symantec1openvas1exploitdb2kaspersky1