Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.WIN_SERVER_2008_NTLM_PCI.NASL
HistoryApr 03, 2018 - 12:00 a.m.

Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)

2018-04-0300:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
140
JSON

According to the version number obtained by NTLM the remote host has Windows Server 2008 installed. The host may be vulnerable to a number of vulnerabilities including remote unauthenticated code execution.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108811);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/05");

  script_cve_id(
    "CVE-2008-0015",
    "CVE-2008-0020",
    "CVE-2008-4038",
    "CVE-2008-4114",
    "CVE-2008-4250",
    "CVE-2008-4609",
    "CVE-2008-4835",
    "CVE-2009-0086",
    "CVE-2009-0089",
    "CVE-2009-0550",
    "CVE-2009-0901",
    "CVE-2009-1925",
    "CVE-2009-1926",
    "CVE-2009-1930",
    "CVE-2009-2493",
    "CVE-2009-2494",
    "CVE-2009-2505",
    "CVE-2009-3676",
    "CVE-2009-3677",
    "CVE-2009-3678",
    "CVE-2010-0020",
    "CVE-2010-0021",
    "CVE-2010-0022",
    "CVE-2010-0231",
    "CVE-2010-0239",
    "CVE-2010-0240",
    "CVE-2010-0241",
    "CVE-2010-0242",
    "CVE-2010-0269",
    "CVE-2010-0270",
    "CVE-2010-0476",
    "CVE-2010-0477",
    "CVE-2010-1263",
    "CVE-2010-2550",
    "CVE-2010-2551",
    "CVE-2010-2552"
  );
  script_bugtraq_id(
    31179,
    31545,
    31647,
    31874,
    33121,
    33122,
    34435,
    34437,
    34439,
    35558,
    35585,
    35828,
    35832,
    35982,
    35993,
    36265,
    36269,
    36989,
    37197,
    37198,
    38049,
    38051,
    38054,
    38061,
    38062,
    38063,
    38064,
    38085,
    39312,
    39336,
    39339,
    39340,
    40237,
    40574,
    42224,
    42263,
    42267
  );
  script_xref(name:"CERT", value:"827267");
  script_xref(name:"IAVA", value:"2008-A-0081-S");
  script_xref(name:"IAVA", value:"2009-A-0077-S");
  script_xref(name:"IAVA", value:"2009-A-0126-S");
  script_xref(name:"IAVA", value:"2010-A-0030-S");
  script_xref(name:"IAVB", value:"2009-B-0037-S");
  script_xref(name:"CERT", value:"180513");
  script_xref(name:"CERT", value:"456745");
  script_xref(name:"EDB-ID", value:"6463");
  script_xref(name:"EDB-ID", value:"6824");
  script_xref(name:"EDB-ID", value:"7104");
  script_xref(name:"EDB-ID", value:"7132");
  script_xref(name:"EDB-ID", value:"9108");
  script_xref(name:"EDB-ID", value:"16615");
  script_xref(name:"EDB-ID", value:"14607");
  script_xref(name:"MSFT", value:"MS08-063");
  script_xref(name:"MSFT", value:"MS08-067");
  script_xref(name:"MSFT", value:"MS09-001");
  script_xref(name:"MSFT", value:"MS09-013");
  script_xref(name:"MSFT", value:"MS09-037");
  script_xref(name:"MSFT", value:"MS09-042");
  script_xref(name:"MSFT", value:"MS09-048");
  script_xref(name:"MSFT", value:"MS09-071");
  script_xref(name:"MSFT", value:"MS10-009");
  script_xref(name:"MSFT", value:"MS10-012");
  script_xref(name:"MSFT", value:"MS10-020");
  script_xref(name:"MSFT", value:"MS10-043");
  script_xref(name:"MSFT", value:"MS10-054");
  script_xref(name:"MSFT", value:"MS10-083");
  script_xref(name:"MSKB", value:"957095");
  script_xref(name:"MSKB", value:"958644");
  script_xref(name:"MSKB", value:"958687");
  script_xref(name:"MSKB", value:"960803");
  script_xref(name:"MSKB", value:"967723");
  script_xref(name:"MSKB", value:"960859");
  script_xref(name:"MSKB", value:"973354");
  script_xref(name:"MSKB", value:"973507");
  script_xref(name:"MSKB", value:"973540");
  script_xref(name:"MSKB", value:"973815");
  script_xref(name:"MSKB", value:"973869");
  script_xref(name:"MSKB", value:"974318");
  script_xref(name:"MSKB", value:"971468");
  script_xref(name:"MSKB", value:"974145");
  script_xref(name:"MSKB", value:"980232");
  script_xref(name:"MSKB", value:"979687");
  script_xref(name:"MSKB", value:"982214");
  script_xref(name:"MSKB", value:"2032276");

  script_name(english:"Windows Server 2008 Critical RCE Vulnerabilities (uncredentialed) (PCI/DSS)");
  script_summary(english:"Checks the OS version number");

  script_set_attribute(attribute:"synopsis", value:
"The remote host may allow remote code execution.");
  script_set_attribute(attribute:"description", value:
"According to the version number obtained by NTLM the
remote host has Windows Server 2008 installed. The host
may be vulnerable to a number of vulnerabilities including
remote unauthenticated code execution.");
  script_set_attribute(attribute:"solution", value:
"Ensure the appropriate patches have been applied.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:ND/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:X/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-4038");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(16, 20, 94, 119, 189, 255, 264, 287, 310, 362, 399);

  script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smtp_ntlm_info.nasl");
  script_require_keys("Settings/ParanoidReport", "Settings/PCI_DSS");
  script_require_ports("Services/smtp", 25);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("smtp_func.inc");
include("audit.inc");

if (!get_kb_item("Settings/PCI_DSS"))
{
  audit(AUDIT_PCI);
}

if (report_paranoia < 2)
{
  audit(AUDIT_PARANOID);
}

port = get_kb_item_or_exit("Services/smtp");
os_version = get_kb_item_or_exit("smtp/"+port+"/ntlm/host/os_version");
if (os_version != "6.0.6001")
{
  audit(AUDIT_OS_SP_NOT_VULN);
}

security_report_v4(severity:SECURITY_HOLE, port:port);
exit(0);

References

Related

threatpost 2
securityvulns 33
openvas 39
nessus 20
mskb 3
checkpoint_advisories 19
f5 2
cert 3
exploitpack 1
prion 22
cve 21
exploitdb 1
seebug 14
cbl_mariner 2
packetstorm 1
checkpoint_security 2
saint 8
ubuntucve 1
debiancve 1
cisco 1
canvas 1
attackerkb 1
symantec 1
threatpost
threatpost
MS Patch Tuesday: 13 Bulletins, 26 Vulnerabilities
2010-02-09 19:33:53
MS Confirms Windows 7 DoS Flaw
2009-11-16 16:23:24
securityvulns
securityvulns
Microsoft Security Bulletin MS10-020 - Critical Vulnerabilities in SMB Client Could Allow Remote Code Execution &#40;980232&#41;
2010-04-15 00:00:00
Microsoft Security Bulletin MS09-037 - Critical Vulnerabilities in Microsoft Active Template Library &#40;ATL&#41; Could Allow Remote Code Execution &#40;973908&#41;
2009-08-11 00:00:00
Microsoft Windows TCP/IP and TCP/IPv6 multiple security vulnerabilities
2010-02-10 00:00:00
openvas
openvas
Microsoft SMB Client Remote Code Execution Vulnerabilities (980232)
2010-04-14 00:00:00
Microsoft SMB Client Remote Code Execution Vulnerabilities (980232)
2010-04-14 00:00:00
Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908)
2009-08-14 00:00:00
nessus
nessus
MS10-020: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
2010-04-13 00:00:00
MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
2009-08-11 00:00:00
MS10-012: Vulnerabilities in SMB Could Allow Remote Code Execution (971468)
2010-02-09 00:00:00
mskb
mskb
MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) could allow remote code execution
2019-11-06 02:17:02
MS09-035: Vulnerabilities in Visual Studio Active Template Libraries could allow remote code execution
2018-04-17 20:27:28
MS09-055: Cumulative Security Update of ActiveX Kill Bits
2020-04-13 02:02:28
checkpoint_advisories
checkpoint_advisories
TCP Window Size Enforcement (CVE-2008-4609; CVE-2009-1925; CVE-2009-1926)
2009-09-08 00:00:00
Microsoft ATL Multiple ActiveX Remote Code Executions (MS09-037; CVE-2008-0020; CVE-2009-2493; CVE-2009-2494)
2009-09-08 00:00:00
Microsoft Windows Malformed SMB Search Request Buffer Overflow (MS08-063; CVE-2008-4038)
2008-10-02 00:00:00
f5
f5
SOL10441 - Microsoft Active Template Library (ATL) vulnerabilities VU#456745
2009-08-17 00:00:00
SOL10509 - Sockstress DoS tool vulnerability CVE-2008-4609
2009-09-07 00:00:00
cert
cert
TCP may keep its offered receive window closed indefinitely (RFC 1122)
2009-11-23 00:00:00
ActiveX controls built with Microsoft ATL fail to properly handle initialization data
2009-07-28 00:00:00
Microsoft Server service RPC stack buffer overflow vulnerability
2008-10-23 00:00:00
exploitpack
exploitpack
Microsoft Windows 72008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
2010-04-17 00:00:00
prion
prion
Memory corruption
2009-07-07 23:30:00
Buffer overflow
2008-10-15 00:12:00
Stack overflow
2010-08-11 18:47:00
cve
cve
CVE-2008-0020
2009-07-07 23:30:00
CVE-2008-4038
2008-10-15 00:12:00
CVE-2010-2552
2010-08-11 18:47:00
exploitdb
exploitdb
Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
2010-04-17 00:00:00
seebug
seebug
Microsoft Windows SMB缓冲区下溢漏洞(MS08-063)
2008-10-15 00:00:00
Microsoft Visual Studio ATL COM对象远程代码执行漏洞
2009-07-29 00:00:00
Microsoft Windows cdd.dll驱动远程拒绝服务漏洞
2010-05-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2008-4609 affecting package kernel for versions less than 5.10.78.1-1
2022-04-09 06:52:47
CVE-2008-4609 affecting package kernel 5.10.111.1-1
2021-09-09 15:03:26
packetstorm
packetstorm
Microsoft SMB Server Zero Size Pool Allocation
2010-08-13 00:00:00
checkpoint_security
checkpoint_security
Check Point response to Phrack article "Exploiting TCP Persist Timer Infiniteness" (CVE-2009-1926, VU#723308)
2009-09-05 21:00:00
Check Point response to Sockstress TCP DoS attacks (CVE-2008-4609)
2009-09-05 21:00:00
saint
saint
Internet Explorer WinINet credential reflection vulnerability
2009-05-04 00:00:00
Internet Explorer WinINet credential reflection vulnerability
2009-05-04 00:00:00
Internet Explorer WinINet credential reflection vulnerability
2009-05-04 00:00:00
ubuntucve
ubuntucve
CVE-2008-4609
2008-10-20 00:00:00
debiancve
debiancve
CVE-2008-4609
2008-10-20 17:59:00
cisco
cisco
TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products
2009-09-08 00:00:00
canvas
canvas
Immunity Canvas: MS08_067
2008-10-23 22:00:00
attackerkb
attackerkb
Microsoft RPC Code Execution MS08-067
2020-04-13 00:00:00
symantec
symantec
Microsoft Windows TCP/IP Orphaned Connection Remote Denial of Service Vulnerability
2009-09-08 00:00:00
JSON
Related for WIN_SERVER_2008_NTLM_PCI.NASL
threatpost2securityvulns33openvas39nessus20mskb3checkpoint_advisories19f52cert3exploitpack1prion22cve21exploitdb1seebug14cbl_mariner2packetstorm1checkpoint_security2saint8ubuntucve1debiancve1cisco1canvas1attackerkb1symantec1