Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS17_MAY_4019112.NASL
HistoryMay 09, 2017 - 12:00 a.m.

Security and Quality Rollup for .NET Framework (May 2017)

2017-05-0900:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
90
JSON

The version of Microsoft .NET Framework installed on the remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An unauthenticated, remote attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(100056);
  script_version("1.12");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id("CVE-2017-0248");
  script_bugtraq_id(98117);
  script_xref(name:"MSKB", value:"4016871");
  script_xref(name:"MSFT", value:"MS17-4016871");
  script_xref(name:"MSKB", value:"4019108");
  script_xref(name:"MSFT", value:"MS17-4019108");
  script_xref(name:"MSKB", value:"4019109");
  script_xref(name:"MSFT", value:"MS17-4019109");
  script_xref(name:"MSKB", value:"4019110");
  script_xref(name:"MSFT", value:"MS17-4019110");
  script_xref(name:"MSKB", value:"4019111");
  script_xref(name:"MSFT", value:"MS17-4019111");
  script_xref(name:"MSKB", value:"4019112");
  script_xref(name:"MSFT", value:"MS17-4019112");
  script_xref(name:"MSKB", value:"4019113");
  script_xref(name:"MSFT", value:"MS17-4019113");
  script_xref(name:"MSKB", value:"4019114");
  script_xref(name:"MSFT", value:"MS17-4019114");
  script_xref(name:"MSKB", value:"4019115");
  script_xref(name:"MSFT", value:"MS17-4019115");
  script_xref(name:"MSKB", value:"4019472");
  script_xref(name:"MSFT", value:"MS17-4019472");
  script_xref(name:"MSKB", value:"4019473");
  script_xref(name:"MSFT", value:"MS17-4019473");
  script_xref(name:"MSKB", value:"4019474");
  script_xref(name:"MSFT", value:"MS17-4019474");

  script_name(english:"Security and Quality Rollup for .NET Framework (May 2017)");
  script_summary(english:"Checks the file versions.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a software framework installed that is
affected by a security feature bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Microsoft .NET Framework installed on the remote
Windows host is missing a security update. It is, therefore, affected
by a security bypass vulnerability in the Microsoft .NET Framework and
.NET Core components due to a failure to completely validate
certificates. An unauthenticated, remote attacker can exploit this to
present a certificate that is marked invalid for a specific use, but
the component uses it for that purpose, resulting in a bypass of the
Enhanced Key Usage taggings.");
  # https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/bc365363-f51e-e711-80da-000d3a32fc99
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?891ed5ca");
  # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0248
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e3805e39");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Microsoft .NET Framework
2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-0248");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_framework");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_dotnet_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "microsoft_net_framework_installed.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("install_func.inc");
include("misc_func.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = "MS17-05";
kbs = make_list(
  '4019115', # 2008 SP2 Cumulative Rollup All .Net
  '4019109', # 2008 SP2 Security Only Rollup All .Net
  '4019112', # 7 SP1 / 2008 R2 SP1 Cumulative Rollup All .Net
  '4019108', # 7 SP1 / 2008 R2 SP1 Security Only Rollup All .Net
  '4019113', # Server 2012 Cumulative Rollup All .Net
  '4019110', # Server 2012 Security Only Rollup All .Net
  '4019114', # 8.1 / 2012 R2 Cumulative Rollup All .Net
  '4019111', # 8.1 / 2012 R2 Security Only Rollup All .Net
  '4019474', # 10 RTM Cumulative Rollup All .Net
  '4019473', # 10 1511 Cumulative Rollup All .Net
  '4019471', # 10 1607 Cumulative Rollup All .Net
  '4016871'  # 10 1703 Cumulative Rollup All .Net
  );

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);
if ("Windows 8" >< productname && "Windows 8.1" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);
else if ("Vista" >< productname) audit(AUDIT_OS_SP_NOT_VULN);

share = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

app = 'Microsoft .NET Framework';
get_install_count(app_name:app, exit_if_zero:TRUE);
installs = get_combined_installs(app_name:app);

vuln = 0;

if (installs[0] == 0)
{
  foreach install (installs[1])
  {
    version = install['version'];
    if( version != UNKNOWN_VER &&
        smb_check_dotnet_rollup(rollup_date:"05_2017", dotnet_ver:version))
      vuln++;
  }
}
if(vuln)
{
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, "affected");
}
VendorProductVersionCPE
microsoft.net_frameworkcpe:/a:microsoft:.net_framework

Related

mskb 12
openvas 8
prion 1
symantec 1
cve 1
osv 1
kaspersky 1
github 1
mscve 1
nessus 5
trendmicroblog 1
mskb
mskb
Security Only update for the .NET Framework 2.0 Service Pack 2, 4.5.2, and 4.6 updates for Windows Server 2008 Service Pack 2: May 9, 2017
2017-05-09 07:00:00
Security and Quality Rollup for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 9, 2017
2017-05-09 07:00:00
Security and Quality Rollup for the .NET Framework 3.5 Service Pack 1, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates for Windows Server 2012: May 9, 2017
2017-05-09 07:00:00
openvas
openvas
Microsoft .NET Framework Security Bypass Vulnerability (4019112)
2017-05-11 00:00:00
Microsoft .NET Framework Security Bypass Vulnerability (4019113)
2017-05-11 00:00:00
Microsoft .NET Framework Security Bypass Vulnerability (4019114)
2017-05-11 00:00:00
prion
prion
Security feature bypass
2017-05-12 14:29:00
symantec
symantec
Microsoft .NET Framework CVE-2017-0248 Security Bypass Vulnerability
2017-05-09 00:00:00
cve
cve
CVE-2017-0248
2017-05-12 14:29:00
osv
osv
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
2018-10-16 19:58:52
kaspersky
kaspersky
KLA11011 Security Bypass vulnerability in Microsoft .NET Framework
2017-05-09 00:00:00
github
github
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
2018-10-16 19:58:52
mscve
mscve
.NET Security Feature Bypass Vulnerability
2017-05-09 07:00:00
nessus
nessus
Windows 8.1 and Windows Server 2012 R2 May 2017 Security Updates
2017-05-09 00:00:00
KB4019474: Windows 10 Version 1507 May 2017 Cumulative Update
2017-05-09 00:00:00
KB4019473: Windows 10 Version 1511 May 2017 Cumulative Update
2017-05-09 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 8, 2017
2017-05-12 16:47:57
JSON
Related for SMB_NT_MS17_MAY_4019112.NASL
mskb12openvas8prion1symantec1cve1osv1kaspersky1github1mscve1nessus5trendmicroblog1