Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
2013-01-09T00:00:00
ID OPENVAS:902940 Type openvas Reporter Copyright (C) 2013 SecPod Modified 2017-02-20T00:00:00
Description
This host is missing an important security update according to
Microsoft Bulletin MS13-004.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_ms13-007.nasl 5365 2017-02-20 13:46:09Z cfi $
#
# Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
#
# Authors:
# Antu Sanadi <santu@secpod.com>
#
# Copyright:
# Copyright (c) 2013 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_impact = "Successful exploitation will allow an attacker to execute arbitrary code
and cause a DoS (Denial of Service).
Impact Level: System/Application";
tag_affected = "Microsoft .NET Framework 3.5, 3.5.1 and 4";
tag_insight = "The flaw is due to an error within the WCF 'Replace()' function when handling
Open Data Protocol (OData) data and can be exploited to exhaust system
resources.";
tag_solution = "Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-007";
tag_summary = "This host is missing an important security update according to
Microsoft Bulletin MS13-004.";
if(description)
{
script_id(902940);
script_version("$Revision: 5365 $");
script_cve_id("CVE-2013-0005");
script_bugtraq_id(57141);
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"last_modification", value:"$Date: 2017-02-20 14:46:09 +0100 (Mon, 20 Feb 2017) $");
script_tag(name:"creation_date", value:"2013-01-09 12:59:12 +0530 (Wed, 09 Jan 2013)");
script_name("Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)");
script_xref(name : "URL" , value : "http://secunia.com/advisories/51772/");
script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2736416");
script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2736428");
script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2736418");
script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2736422");
script_xref(name : "URL" , value : "http://technet.microsoft.com/en-us/security/bulletin/ms13-007");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 SecPod");
script_family("Windows : Microsoft Bulletins");
script_dependencies("secpod_reg_enum.nasl");
script_require_ports(139, 445);
script_mandatory_keys("SMB/WindowsVersion");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
## Variables Initialization
key = "";
item = "";
path = "";
dllVer = "";
## Check for OS and Service Pack
if(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,
win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){
exit(0);
}
## Confirm .NET
key = "SOFTWARE\Microsoft\ASP.NET\";
if(registry_key_exists(key:key))
{
## Try to Get Version
foreach item (registry_enum_keys(key:key))
{
path = registry_get_sz(key:key + item, item:"Path");
if(path && "\Microsoft.NET\Framework" >< path)
{
## Get version from System.dll file
dllVer = fetch_file_version(sysPath:path, file_name:"System.Data.Services.dll");
if(dllVer)
{
## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008,
## Windows 7 and and Windows Server 2008 R2
if(version_in_range(version:dllVer, test_version:"4.0.30319.100", test_version2:"4.0.30319.296")||
version_in_range(version:dllVer, test_version:"4.0.30319.500", test_version2:"4.0.30319.586"))
{
security_message(0);
exit(0);
}
}
}
}
}
## Get .NET Framework 3.0 Service Pack 2 Version
key = "SOFTWARE\Microsoft\.NETFramework\AssemblyFolders\v3.5";
if(registry_key_exists(key:key))
{
path = registry_get_sz(key:key, item:"All Assemblies In");
if(path){
dllv3 = fetch_file_version(sysPath:path, file_name:"System.Data.Services.dll");
}
}
if(!dllv3){
exit(0);
}
## .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003,
## Windows Vista, and Windows Server 2008
if((hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3, win2008:3) > 0) &&
(version_in_range(version:dllv3, test_version:"3.5.30729.4000", test_version2:"3.5.30729.4038")||
version_in_range(version:dllv3, test_version:"3.5.30729.5000", test_version2:"3.5.30729.5850")))
{
security_message(0);
exit(0);
}
## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2
if((hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0) &&
(version_in_range(version:dllv3, test_version:"3.5.30729.5000", test_version2:"3.5.30729.5005")||
version_in_range(version:dllv3, test_version:"3.5.30729.5800", test_version2:"3.5.30729.5830")||
version_in_range(version:dllv3, test_version:"3.5.30729.5400", test_version2:"3.5.30729.5450")))
{
security_message(0);
exit(0);
}
{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "Windows : Microsoft Bulletins", "reporter": "Copyright (C) 2013 SecPod", "references": ["http://secunia.com/advisories/51772/", "http://support.microsoft.com/kb/2736418", "http://technet.microsoft.com/en-us/security/bulletin/ms13-007", "http://support.microsoft.com/kb/2736428", "http://support.microsoft.com/kb/2736422", "http://support.microsoft.com/kb/2736416"], "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-004.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "4df8ca40382012dbcaa71b491fc5aa17"}, {"key": "cvss", "hash": "ed3111898fb94205e2b64cefef5a2081"}, {"key": "description", "hash": "6ce2784f4d0bd1ee3cba22e53aa53142"}, {"key": "href", "hash": "79ebec2c642275295d17d3b3c26adb4a"}, {"key": "modified", "hash": "c2eea933d97966be19ceab275cbda399"}, {"key": "naslFamily", "hash": "c9898bc973bfffca5119f1a3bfa73a8d"}, {"key": "pluginID", "hash": "5ff5e6c9b54d62d075de1f28a726d3ef"}, {"key": "published", "hash": "1fab6a3ea377099125ae6a26bc645d40"}, {"key": "references", "hash": "d6827502bb99c754ac725ea98565bc6d"}, {"key": "reporter", "hash": "487ccde933a3e5727ddaae379a55a850"}, {"key": "sourceData", "hash": "18e0bbafd68839c98bde74cba2709931"}, {"key": "title", "hash": "1503a44a0b70d37c02c31a79f3a945fb"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=902940", "modified": "2017-02-20T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-0005"]}, {"type": "symantec", "idList": ["SMNTC-57141"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310902940"]}, {"type": "nessus", "idList": ["SMB_NT_MS13-007.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12817"]}], "modified": "2017-07-02T21:11:13"}, "vulnersScore": 7.5}, "id": "OPENVAS:902940", "title": "Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)", "hash": "56e1d8d63374f84c04447a7096480e3c655a63633101e3464f7a78458832bacd", "edition": 1, "published": "2013-01-09T00:00:00", "type": "openvas", "history": [], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "cvelist": ["CVE-2013-0005"], "lastseen": "2017-07-02T21:11:13", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-007.nasl 5365 2017-02-20 13:46:09Z cfi $\n#\n# Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow an attacker to execute arbitrary code\n and cause a DoS (Denial of Service).\n Impact Level: System/Application\";\n\ntag_affected = \"Microsoft .NET Framework 3.5, 3.5.1 and 4\";\ntag_insight = \"The flaw is due to an error within the WCF 'Replace()' function when handling\n Open Data Protocol (OData) data and can be exploited to exhaust system\n resources.\";\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://technet.microsoft.com/en-us/security/bulletin/ms13-007\";\ntag_summary = \"This host is missing an important security update according to\n Microsoft Bulletin MS13-004.\";\n\nif(description)\n{\n script_id(902940);\n script_version(\"$Revision: 5365 $\");\n script_cve_id(\"CVE-2013-0005\");\n script_bugtraq_id(57141);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 14:46:09 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-09 12:59:12 +0530 (Wed, 09 Jan 2013)\");\n script_name(\"Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/51772/\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2736416\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2736428\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2736418\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/2736422\");\n script_xref(name : \"URL\" , value : \"http://technet.microsoft.com/en-us/security/bulletin/ms13-007\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Variables Initialization\nkey = \"\";\nitem = \"\";\npath = \"\";\ndllVer = \"\";\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){\n exit(0);\n}\n\n## Confirm .NET\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(registry_key_exists(key:key))\n{\n ## Try to Get Version\n foreach item (registry_enum_keys(key:key))\n {\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(path && \"\\Microsoft.NET\\Framework\" >< path)\n {\n ## Get version from System.dll file\n dllVer = fetch_file_version(sysPath:path, file_name:\"System.Data.Services.dll\");\n if(dllVer)\n {\n ## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008,\n ## Windows 7 and and Windows Server 2008 R2\n if(version_in_range(version:dllVer, test_version:\"4.0.30319.100\", test_version2:\"4.0.30319.296\")||\n version_in_range(version:dllVer, test_version:\"4.0.30319.500\", test_version2:\"4.0.30319.586\"))\n {\n security_message(0);\n exit(0);\n }\n }\n }\n }\n}\n\n## Get .NET Framework 3.0 Service Pack 2 Version\nkey = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.5\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"All Assemblies In\");\n if(path){\n dllv3 = fetch_file_version(sysPath:path, file_name:\"System.Data.Services.dll\");\n }\n}\n\nif(!dllv3){\n exit(0);\n}\n\n## .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003,\n## Windows Vista, and Windows Server 2008\nif((hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3, win2008:3) > 0) &&\n (version_in_range(version:dllv3, test_version:\"3.5.30729.4000\", test_version2:\"3.5.30729.4038\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5000\", test_version2:\"3.5.30729.5850\")))\n{\n security_message(0);\n exit(0);\n}\n\n## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\nif((hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0) &&\n (version_in_range(version:dllv3, test_version:\"3.5.30729.5000\", test_version2:\"3.5.30729.5005\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5800\", test_version2:\"3.5.30729.5830\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5400\", test_version2:\"3.5.30729.5450\")))\n{\n security_message(0);\n exit(0);\n}\n", "pluginID": "902940"}
{"cve": [{"lastseen": "2019-02-27T12:27:57", "bulletinFamily": "NVD", "description": "The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka \"Replace Denial of Service Vulnerability.\"", "modified": "2019-02-26T09:04:00", "published": "2013-01-09T13:09:40", "id": "CVE-2013-0005", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0005", "title": "CVE-2013-0005", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2018-03-11T18:48:56", "bulletinFamily": "software", "description": "### Description\n\nThe Microsoft OData specification is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the application to become unresponsive or to crash, denying service to legitimate users.\n\n### Technologies Affected\n\n * Microsoft Management OData IIS Extension \n * Microsoft Windows 7 for 32-bit Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8 for 32-bit Systems \n * Microsoft Windows 8 for 64-bit Systems \n * Microsoft Windows Server 2003 Itanium SP2 \n * Microsoft Windows Server 2003 SP2 \n * Microsoft Windows Server 2003 x64 SP2 \n * Microsoft Windows Server 2008 R2 Itanium \n * Microsoft Windows Server 2008 R2 Itanium SP1 \n * Microsoft Windows Server 2008 R2 x64 \n * Microsoft Windows Server 2008 R2 x64 SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Vista Service Pack 2 \n * Microsoft Windows Vista x64 Edition Service Pack 2 \n * Microsoft Windows XP Professional x64 Edition SP2 \n * Microsoft Windows XP Service Pack 3 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.\n\nThe vendor has released an advisory and fixes. Please see the references for details.\n", "modified": "2013-01-08T00:00:00", "published": "2013-01-08T00:00:00", "id": "SMNTC-57141", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/57141", "type": "symantec", "title": "Microsoft OData CVE-2013-0005 Denial of Service Vulnerability", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:18:07", "bulletinFamily": "scanner", "description": "The remote Windows host is running a version of the Microsoft .NET Framework that is affected by a denial of service vulnerability in the Open Data (OData) protocol. An unauthenticated attacker could exploit this vulnerability by sending a specially crafted HTTP request to the affected site.", "modified": "2018-11-15T00:00:00", "id": "SMB_NT_MS13-007.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63425", "published": "2013-01-09T00:00:00", "title": "MS13-007: Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(63425);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\"CVE-2013-0005\");\n script_bugtraq_id(57141);\n script_xref(name:\"MSFT\", value:\"MS13-007\");\n script_xref(name:\"MSKB\", value:\"2736416\");\n script_xref(name:\"MSKB\", value:\"2736418\");\n script_xref(name:\"MSKB\", value:\"2736422\");\n script_xref(name:\"MSKB\", value:\"2736428\");\n script_xref(name:\"MSKB\", value:\"2736693\");\n script_xref(name:\"MSKB\", value:\"2753596\");\n script_xref(name:\"IAVB\", value:\"2013-B-0001\");\n\n script_name(english:\"MS13-007: Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)\");\n script_summary(english:\"Checks file versions\");\n\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The version of the .NET Framework installed on the remote host is\naffected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Windows host is running a version of the Microsoft .NET\nFramework that is affected by a denial of service vulnerability in the\nOpen Data (OData) protocol. An unauthenticated attacker could exploit\nthis vulnerability by sending a specially crafted HTTP request to the\naffected site.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-007\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Microsoft has released a set of patches for the .NET Framework on\nWindows XP, 2003, Vista, 2008, 7, 2008 R2, 8, and 2012.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_framework\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS13-007';\nkbs = make_list(\n '2736416',\n '2736418',\n '2736422',\n '2736428',\n '2736693',\n '2753596'\n);\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nwinver = get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n\nif (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'0,1', win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (\"Windows Embedded\" >< productname) exit(0, \"The host is running \"+productname+\" and hence is not affected.\");\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nvuln = 0;\n\n########## KB2736428 ###########\n# .NET Framework 4.0 #\n# Windows XP SP3, #\n# Windows XP SP2 x64, #\n# Windows 2003 SP2, #\n# Windows Vista SP2, #\n# Windows 7, #\n# Windows Server 2008 SP2, #\n# Windows Server 2008 R2 #\n################################\nif (\n# Windows XP SP3\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"DataSvcUtil.exe\", version:\"4.0.30319.297\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\", bulletin:bulletin, kb:\"2736428\") ||\n# Windows XP SP2 x64 / Server 2003 SP2\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"DataSvcUtil.exe\", version:\"4.0.30319.297\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\", bulletin:bulletin, kb:\"2736428\") ||\n# Windows Vista SP2 / Server 2008 SP2\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"DataSvcUtil.exe\", version:\"4.0.30319.297\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\", bulletin:bulletin, kb:\"2736428\") ||\n# Windows 7 / 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", file:\"DataSvcUtil.exe\", version:\"4.0.30319.297\", min_version:\"4.0.30319.0\", dir:\"\\Microsoft.NET\\Framework\\v4.0.30319\", bulletin:bulletin, kb:\"2736428\")\n) vuln++;\n\n########## KB2736418 ###########\n# .NET Framework 3.5.1 #\n# Windows 7, #\n# Server 2008 R2 #\n################################\nif (\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5006\", min_version:\"3.5.30729.4600\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736418\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:0, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5831\", min_version:\"3.5.30729.5400\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736418\")\n) vuln++;\n\n########## KB2736422 ###########\n# .NET Framework 3.5.1 #\n# Windows 7 SP1, #\n# Server 2008 R2 SP1 #\n################################\nif (\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5451\", min_version:\"3.5.30729.5000\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736422\") ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5831\", min_version:\"3.5.30729.5500\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736422\")\n) vuln++;\n\n########## KB2736693 ###########\n# .NET Framework 3.5 #\n# Windows 8, #\n# Server 2012 #\n################################\nif (\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"DataSvcUtil.exe\", version:\"3.5.30729.6400\", min_version:\"3.5.30729.6000\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736693\") ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"DataSvcUtil.exe\", version:\"3.5.30729.7004\", min_version:\"3.5.30729.6600\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736693\")\n) vuln++;\n\n########## KB2736416 ###########\n# .NET Framework 3.5 SP1 #\n# Windows XP SP3, #\n# Windows XP SP2 x64, #\n# Windows 2003 SP2, #\n# Windows Vista SP2, #\n# Windows Server 2008 SP2, #\n################################\nif (\n# Windows XP SP3\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"DataSvcUtil.exe\", version:\"3.5.30729.4039\", min_version:\"3.5.30729.3600\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5851\", min_version:\"3.5.30729.5400\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ||\n# Windows XP SP2 x64 / Server 2003 SP2\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"DataSvcUtil.exe\", version:\"3.5.30729.4039\", min_version:\"3.5.30729.3600\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5851\", min_version:\"3.5.30729.5400\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ||\n# Windows Vista SP2 / Server 2008 SP2\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"DataSvcUtil.exe\", version:\"3.5.30729.4039\", min_version:\"3.5.30729.3600\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"DataSvcUtil.exe\", version:\"3.5.30729.5851\", min_version:\"3.5.30729.5400\", dir:\"\\Microsoft.NET\\Framework\\v3.5\", bulletin:bulletin, kb:\"2736416\") ) vuln++;\n\n########## KB2753596 ###########\n# OData IIS Extension #\n# Windows Server 2012 #\n################################\nif(winver == '6.2')\n{\n hotfix_check_fversion_end();\n registry_init();\n val = NULL;\n odata_installed = FALSE;\n hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE);\n if(!isnull(hklm))\n {\n key = \"SOFTWARE\\Microsoft\\.NETFramework\\Fusion\\References\";\n dotNetKeys = get_registry_subkeys(handle:hklm, key:key);\n RegCloseKey(handle:hklm);\n foreach subkey (dotNetKeys)\n {\n if(subkey =~ \"^Microsoft\\.Management\\.Odata\\.Resources\")\n {\n odata_installed = TRUE;\n break;\n }\n }\n }\n\n if(odata_installed)\n {\n close_registry(close:FALSE);\n\n rc = NetUseAdd(share:share);\n if (rc != 1)\n {\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, share);\n }\n\n winsxs = ereg_replace(pattern:'^[A-Za-z]:(.*)', replace:\"\\1\\WinSxS\", string:rootfile);\n patched = FALSE;\n files = list_dir(basedir:winsxs, level:0, dir_pat:'msil_microsoft.management.odata', file_pat:'^Microsoft\\\\.Management\\\\.OData\\\\.dll', max_recurse:1);\n\n vuln += hotfix_check_winsxs(os:'6.2', files:files, versions:make_list('6.2.9200.18975', '6.2.9200.23261'), max_versions:make_list('6.2.2900.20000', '6.2.9200.99999'), bulletin:bulletin, kb:'2753596');\n }\n else close_registry();\n}\n\nif(vuln > 0)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, \"affected\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-10-22T16:41:59", "bulletinFamily": "scanner", "description": "This host is missing an important security update according to\n Microsoft Bulletin MS13-004.", "modified": "2018-10-12T00:00:00", "published": "2013-01-09T00:00:00", "id": "OPENVAS:1361412562310902940", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902940", "title": "Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms13-007.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902940\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-0005\");\n script_bugtraq_id(57141);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-09 12:59:12 +0530 (Wed, 09 Jan 2013)\");\n script_name(\"Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51772/\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2736416\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2736428\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2736418\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/2736422\");\n script_xref(name:\"URL\", value:\"http://technet.microsoft.com/en-us/security/bulletin/ms13-007\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker to execute arbitrary code\n and cause a DoS (Denial of Service).\");\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5, 3.5.1 and 4\");\n script_tag(name:\"insight\", value:\"The flaw is due to an error within the WCF 'Replace()' function when handling\n Open Data Protocol (OData) data and can be exploited to exhaust system\n resources.\");\n script_tag(name:\"solution\", value:\"Run Windows Update and update the listed hotfixes or download and\n install the hotfixes from the referenced advisory.\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Microsoft Bulletin MS13-004.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3,\n win7:2, win7x64:2, win2008:3, win2008r2:2) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(registry_key_exists(key:key))\n{\n foreach item (registry_enum_keys(key:key))\n {\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(path && \"\\Microsoft.NET\\Framework\" >< path)\n {\n dllVer = fetch_file_version(sysPath:path, file_name:\"System.Data.Services.dll\");\n if(dllVer)\n {\n ## .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008,\n ## Windows 7 and and Windows Server 2008 R2\n if(version_in_range(version:dllVer, test_version:\"4.0.30319.100\", test_version2:\"4.0.30319.296\")||\n version_in_range(version:dllVer, test_version:\"4.0.30319.500\", test_version2:\"4.0.30319.586\"))\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n }\n }\n }\n}\n\nkey = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.5\";\nif(registry_key_exists(key:key))\n{\n path = registry_get_sz(key:key, item:\"All Assemblies In\");\n if(path){\n dllv3 = fetch_file_version(sysPath:path, file_name:\"System.Data.Services.dll\");\n }\n}\n\nif(!dllv3){\n exit(0);\n}\n\n## .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003,\n## Windows Vista, and Windows Server 2008\nif((hotfix_check_sp(xp:4, xpx64:3, win2003:3, win2003x64:3, winVista:3, win2008:3) > 0) &&\n (version_in_range(version:dllv3, test_version:\"3.5.30729.4000\", test_version2:\"3.5.30729.4038\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5000\", test_version2:\"3.5.30729.5850\")))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\n## .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2\nif((hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0) &&\n (version_in_range(version:dllv3, test_version:\"3.5.30729.5000\", test_version2:\"3.5.30729.5005\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5800\", test_version2:\"3.5.30729.5830\")||\n version_in_range(version:dllv3, test_version:\"3.5.30729.5400\", test_version2:\"3.5.30729.5450\")))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:50", "bulletinFamily": "software", "description": "Print spooler service code execution, XML library integer overflow and memory corruption, multiple .Net vulnerabilities, Win32K privilege escalation SSL/TLS library protection bypass, Open Data Protocol DoS.", "modified": "2013-01-10T00:00:00", "published": "2013-01-10T00:00:00", "id": "SECURITYVULNS:VULN:12817", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12817", "title": "Microsoft Windows multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
