Lucene search
Copyright (C) 2011 Greenbone Networks GmbHOPENVAS:1361412562310900279HistoryApr 13, 2011 - 12:00 a.m.
Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
2011-04-1300:00:00
Copyright (C) 2011 Greenbone Networks GmbH
plugins.openvas.org
10
6.4 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.949 High
EPSS
Percentile
99.3%
This host is missing a critical security update according to
Microsoft Bulletin MS11-019.
# Copyright (C) 2011 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.900279");
script_version("2022-05-25T07:40:23+0000");
script_tag(name:"last_modification", value:"2022-05-25 07:40:23 +0000 (Wed, 25 May 2022)");
script_tag(name:"creation_date", value:"2011-04-13 17:05:53 +0200 (Wed, 13 Apr 2011)");
script_cve_id("CVE-2011-0654", "CVE-2011-0660");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)");
script_xref(name:"URL", value:"http://support.microsoft.com/kb/2511455");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/46360");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/47239");
script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/65376");
script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/16166/");
script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-019");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
script_family("Windows : Microsoft Bulletins");
script_dependencies("secpod_reg_enum.nasl");
script_require_ports(139, 445);
script_mandatory_keys("SMB/registry_enumerated");
script_tag(name:"impact", value:"Successful exploitation could allow remote attacker to execute arbitrary
code by creating a specially crafted browser message and sending the message
to an affected system or attacker could perform a man-in-the-middle attack
to respond to a legitimate SMB request with a malformed SMB response.");
script_tag(name:"affected", value:"- Microsoft Windows 7 Service Pack 1 and prior
- Microsoft Windows XP Service Pack 3 and prior
- Microsoft Windows 2003 Service Pack 2 and prior
- Microsoft Windows Vista Service Pack 1/2 and prior
- Microsoft Windows Server 2008 Service Pack 1/2 and prior");
script_tag(name:"insight", value:"The flaws are due to:
- errors in SMB client implementation which fails to validate specially
crafted SMB responses.
- error in CIFS Browser Protocol implementation which fails to parse
specially crafted Computer Browser messages causing memory corruption.");
script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");
script_tag(name:"summary", value:"This host is missing a critical security update according to
Microsoft Bulletin MS11-019.");
script_tag(name:"qod_type", value:"executable_version");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:2) <= 0){
exit(0);
}
## MS11-019 Hotfix (2511455)
if(hotfix_missing(name:"2511455") == 0){
exit(0);
}
sysPath = smb_get_systemroot();
if(!sysPath ){
exit(0);
}
sysVer = fetch_file_version(sysPath:sysPath, file_name:"system32\drivers\Mrxsmb.sys");
if(!sysVer){
exit(0);
}
if(hotfix_check_sp(xp:4) > 0)
{
SP = get_kb_item("SMB/WinXP/ServicePack");
if("Service Pack 3" >< SP)
{
if(version_is_less(version:sysVer, test_version:"5.1.2600.6082")){
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
exit(0);
}
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
else if(hotfix_check_sp(win2003:3) > 0)
{
SP = get_kb_item("SMB/Win2003/ServicePack");
if("Service Pack 2" >< SP)
{
if(version_is_less(version:sysVer, test_version:"5.2.3790.4833")){
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
exit(0);
}
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
else if(hotfix_check_sp(winVista:3, win2008:3) > 0)
{
SP = get_kb_item("SMB/WinVista/ServicePack");
if(!SP) {
SP = get_kb_item("SMB/Win2008/ServicePack");
}
if("Service Pack 1" >< SP)
{
if(version_in_range(version:sysVer, test_version:"6.0.6001.18000", test_version2:"6.0.6001.18603")||
version_in_range(version:sysVer, test_version:"6.0.6001.22000", test_version2:"6.0.6001.22858")){
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
exit(0);
}
if("Service Pack 2" >< SP)
{
if(version_in_range(version:sysVer, test_version:"6.0.6002.18000", test_version2:"6.0.6002.18408")||
version_in_range(version:sysVer, test_version:"6.0.6002.22000", test_version2:"6.0.6002.22593")){
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
exit(0);
}
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
else if(hotfix_check_sp(win7:2) > 0)
{
if(version_in_range(version:sysVer, test_version:"6.1.7600.16000", test_version2:"6.1.7600.16764")||
version_in_range(version:sysVer, test_version:"6.1.7600.20000", test_version2:"6.1.7600.20906")||
version_in_range(version:sysVer, test_version:"6.1.7601.17000", test_version2:"6.1.7601.17564")||
version_in_range(version:sysVer, test_version:"6.1.7601.21000", test_version2:"6.1.7601.21665")){
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
}
Related
nessus
nessus
openvas
openvas
checkpoint_advisories
checkpoint_advisories
seebug
seebug
Microsoft Windows SMBๅฎขๆท็ซฏ่ฟ็จไปฃ็ ๆง่กๆผๆด(MS11-019)
2011-04-15 00:00:00
cve
cve
CVE-2011-0660
2011-04-13 18:55:00
CVE-2011-0654
2011-02-16 01:00:00
prion
prion
Design/Logic Flaw
2011-04-13 18:55:00
Design/Logic Flaw
2011-02-16 01:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2011-04-17 00:00:00
6.4 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.949 High
EPSS
Percentile
99.3%
Related for OPENVAS:1361412562310900279