Lucene search
Copyright (C) 2009 Greenbone Networks GmbHOPENVAS:1361412562310900877HistoryOct 14, 2009 - 12:00 a.m.
Microsoft Windows LSASS Denial of Service Vulnerability (975467)
2009-10-1400:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
18
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.5
Confidence
Low
EPSS
0.801
Percentile
98.4%
This host is missing a critical security update according to
Microsoft Bulletin MS09-059.
# Copyright (C) 2009 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.900877");
script_version("2022-05-25T07:40:23+0000");
script_tag(name:"last_modification", value:"2022-05-25 07:40:23 +0000 (Wed, 25 May 2022)");
script_tag(name:"creation_date", value:"2009-10-14 16:47:08 +0200 (Wed, 14 Oct 2009)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_cve_id("CVE-2009-2524");
script_name("Microsoft Windows LSASS Denial of Service Vulnerability (975467)");
script_xref(name:"URL", value:"http://support.microsoft.com/kb/975467");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/36593");
script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2009/2894");
script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-059");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Windows : Microsoft Bulletins");
script_dependencies("secpod_reg_enum.nasl");
script_require_ports(139, 445);
script_mandatory_keys("SMB/registry_enumerated");
script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to cause a Denial of
Service on the victim's system.");
script_tag(name:"affected", value:"- Microsoft Windows 7
- Microsoft Windows XP Service Pack 3 and prior
- Microsoft Windows 2K3 Service Pack 2 and prior
- Microsoft Windows Vista Service Pack 1/2 and prior
- Microsoft Windows Server 2008 Service Pack 1/2 and prior");
script_tag(name:"insight", value:"This issue is caused by an integer underflow error in the Windows NTLM
implementation in LSASS (Local Security Authority Subsystem Service) when
processing malformed packets during the authentication process, which could
allow attackers to cause an affected system to automatically reboot.");
script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");
script_tag(name:"summary", value:"This host is missing a critical security update according to
Microsoft Bulletin MS09-059.");
script_tag(name:"qod_type", value:"executable_version");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-059");
exit(0);
}
include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win7:1, win2008:3) <= 0){
exit(0);
}
if(hotfix_missing(name:"968389") == 1){
exit(0);
}
# MS09-059 Hotfix check
if(hotfix_missing(name:"975467") == 0){
exit(0);
}
sysPath = smb_get_system32root();
if(sysPath)
{
dllVer = fetch_file_version(sysPath:sysPath, file_name:"Msv1_0.dll");
if(!dllVer){
exit(0);
}
}
if(hotfix_check_sp(xp:4) > 0)
{
SP = get_kb_item("SMB/WinXP/ServicePack");
if("Service Pack 2" >< SP)
{
if(version_is_less(version:dllVer, test_version:"5.1.2600.3625")){
report = report_fixed_ver(installed_version:dllVer, fixed_version:"5.1.2600.3625", install_path:sysPath);
security_message(port: 0, data: report);
}
exit(0);
}
else if("Service Pack 3" >< SP)
{
if(version_is_less(version:dllVer, test_version:"5.1.2600.5876")){
report = report_fixed_ver(installed_version:dllVer, fixed_version:"5.1.2600.5876", install_path:sysPath);
security_message(port: 0, data: report);
}
exit(0);
}
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
else if(hotfix_check_sp(win2003:3) > 0)
{
SP = get_kb_item("SMB/Win2003/ServicePack");
if("Service Pack 2" >< SP)
{
if(version_is_less(version:dllVer, test_version:"5.2.3790.4587")){
report = report_fixed_ver(installed_version:dllVer, fixed_version:"5.2.3790.4587", install_path:sysPath);
security_message(port: 0, data: report);
}
exit(0);
}
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
sysPath = smb_get_system32root();
if(sysPath)
{
dllVer = fetch_file_version(sysPath:sysPath, file_name:"Msv1_0.dll");
if(!dllVer){
exit(0);
}
}
if(hotfix_check_sp(winVista:3) > 0)
{
SP = get_kb_item("SMB/WinVista/ServicePack");
if("Service Pack 1" >< SP)
{
if(version_is_less(version:dllVer, test_version:"6.0.6001.18330")){
report = report_fixed_ver(installed_version:dllVer, fixed_version:"6.0.6001.18330", install_path:sysPath);
security_message(port: 0, data: report);
}
exit(0);
}
if("Service Pack 2" >< SP)
{
if(version_is_less(version:dllVer, test_version:"6.0.6002.18111")){
report = report_fixed_ver(installed_version:dllVer, fixed_version:"6.0.6002.18111", install_path:sysPath);
security_message(port: 0, data: report);
}
exit(0);
}
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
else if(hotfix_check_sp(win2008:3) > 0)
{
SP = get_kb_item("SMB/Win2008/ServicePack");
if("Service Pack 1" >< SP)
{
if(version_is_less(version:dllVer, test_version:"6.0.6001.18330")){
report = report_fixed_ver(installed_version:dllVer, fixed_version:"6.0.6001.18330", install_path:sysPath);
security_message(port: 0, data: report);
}
exit(0);
}
if("Service Pack 2" >< SP)
{
if(version_is_less(version:dllVer, test_version:"6.0.6002.18111")){
report = report_fixed_ver(installed_version:dllVer, fixed_version:"6.0.6002.18111", install_path:sysPath);
security_message(port: 0, data: report);
}
exit(0);
}
security_message( port: 0, data: "The target host was found to be vulnerable" );
}
else if(hotfix_check_sp(win7:1) > 0)
{
if(version_is_less(version:dllVer, test_version:"6.1.7600.16420")){
report = report_fixed_ver(installed_version:dllVer, fixed_version:"6.1.7600.16420", install_path:sysPath);
security_message(port: 0, data: report);
}
}
Related
checkpoint_advisories
checkpoint_advisories
nessus
nessus
securityvulns
securityvulns
openvas
openvas
Microsoft Windows LSASS Denial of Service Vulnerability (975467)
2009-10-14 00:00:00
prion
prion
Integer overflow
2009-10-14 10:30:00
cvelist
cvelist
CVE-2009-2524
2009-10-14 10:00:00
nvd
nvd
CVE-2009-2524
2009-10-14 10:30:01
cve
cve
CVE-2009-2524
2009-10-14 10:30:01
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
6.5
Confidence
Low
EPSS
0.801
Percentile
98.4%
Related for OPENVAS:1361412562310900877