Lucene search
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS15-117.NASLHistoryNov 10, 2015 - 12:00 a.m.
MS15-117: Security Update for NDIS to Address Elevation of Privilege (3101722)
2015-11-1000:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.668 Medium
EPSS
Percentile
98.0%
The remote Windows host is affected by an elevation of privilege vulnerability in the Network Driver Interface Specification (NDIS) due to a failure to check the length of a buffer prior to copying it into memory. An authenticated, remote attacker can exploit this vulnerability, via a specially crafted application, to gain elevated privileges on the system.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(86824);
script_version("1.9");
script_cvs_date("Date: 2019/11/20");
script_cve_id("CVE-2015-6098");
script_bugtraq_id(77473);
script_xref(name:"MSFT", value:"MS15-117");
script_xref(name:"MSKB", value:"3101722");
script_xref(name:"IAVA", value:"2015-A-0277");
script_name(english:"MS15-117: Security Update for NDIS to Address Elevation of Privilege (3101722)");
script_summary(english:"Checks the version of ndis.sys.");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by an elevation of privilege
vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote Windows host is affected by an elevation of privilege
vulnerability in the Network Driver Interface Specification (NDIS) due
to a failure to check the length of a buffer prior to copying it into
memory. An authenticated, remote attacker can exploit this
vulnerability, via a specially crafted application, to gain elevated
privileges on the system.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-117");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows Vista, 2008, 7,
and 2008 R2.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6098");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/10");
script_set_attribute(attribute:"patch_publication_date", value:"2015/11/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS15-117';
kb = '3101722';
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
if (hotfix_check_sp_range(vista:'2', win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
if (
# Windows 7 SP1 / Windows Server 2008 R2
hotfix_is_vulnerable(os:"6.1", sp:1, file:"ndis.sys", version:"6.1.7601.23235", min_version:"6.1.7601.21000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.1", sp:1, file:"ndis.sys", version:"6.1.7601.19030", min_version:"6.1.7600.17000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
# Windows Vista / Windows Server 2008
hotfix_is_vulnerable(os:"6.0", sp:2, file:"ndis.sys", version:"6.0.6002.23822", min_version:"6.0.6002.23000", dir:"\system32\drivers", bulletin:bulletin, kb:kb) ||
hotfix_is_vulnerable(os:"6.0", sp:2, file:"ndis.sys", version:"6.0.6002.19512", min_version:"6.0.6001.18000", dir:"\system32\drivers", bulletin:bulletin, kb:kb)
)
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);
}
else
{
hotfix_check_fversion_end();
audit(AUDIT_HOST_NOT, 'affected');
}
Related
cve
cve
CVE-2015-6098
2015-11-11 12:59:37
symantec
symantec
openvas
openvas
Microsoft Windows NDIS Elevation of Privilege Vulnerability (3101722)
2015-11-11 00:00:00
nvd
nvd
CVE-2015-6098
2015-11-11 12:59:37
cvelist
cvelist
CVE-2015-6098
2015-11-11 11:00:00
prion
prion
Design/Logic Flaw
2015-11-11 12:59:00
kaspersky
kaspersky
KLA10694 Multiple vulnerabilities in Microsoft Windows
2015-11-10 00:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.668 Medium
EPSS
Percentile
98.0%
Related for SMB_NT_MS15-117.NASL