Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2013 SecPodOPENVAS:902989
HistoryAug 14, 2013 - 12:00 a.m.

Microsoft Windows NAT Driver Denial of Service Vulnerability (2849568)

2013-08-1400:00:00
Copyright (c) 2013 SecPod
plugins.openvas.org
6

0.347 Low

EPSS

Percentile

97.1%

JSON

This host is missing a important security update according to
Microsoft Bulletin MS13-064.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_ms13-064.nasl 31155 2013-08-14 14:18:13Z aug$
#
# Microsoft Windows NAT Driver Denial of Service Vulnerability (2849568)
#
# Authors:
# Antu Sanadi <[email protected]>
#
# Copyright:
# Copyright (c) 2013 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "
  Impact Level: System";

if(description)
{
  script_id(902989);
  script_version("$Revision: 5346 $");
  script_cve_id("CVE-2013-3182");
  script_bugtraq_id(61685);
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-02-19 09:43:11 +0100 (Sun, 19 Feb 2017) $");
  script_tag(name:"creation_date", value:"2013-08-14 08:17:31 +0530 (Wed, 14 Aug 2013)");
  script_name("Microsoft Windows NAT Driver Denial of Service Vulnerability (2849568)");

  tag_summary =
"This host is missing a important security update according to
Microsoft Bulletin MS13-064.";

  tag_vuldetect =
"Get the vulnerable file version and check appropriate patch is applied
or not.";

  tag_insight =
"The flaw is due to an error within the Windows NAT Driver when handling ICMP
packets.";

  tag_impact =
"Successful exploitation will allow the remote attackers to cause a denial
of service.";

  tag_affected =
"Microsoft Windows Server 2012";

  tag_solution =
"Run Windows Update and update the listed hotfixes or download and update
mentioned hotfixes in the advisory from the below link,
https://technet.microsoft.com/en-us/security/bulletin/ms13-064";


  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "vuldetect" , value : tag_vuldetect);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name : "URL" , value : "http://secunia.com/advisories/54420");
  script_xref(name : "URL" , value : "http://support.microsoft.com/kb/2849568");
  script_xref(name : "URL" , value : "https://technet.microsoft.com/en-us/security/bulletin/ms13-064");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2013 SecPod");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("smb_reg_service_pack.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("SMB/WindowsVersion");

  exit(0);
}


include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

## Variables Initialization
sysPath = "";
WinnatVer = "";

## Check for OS and Service Pack
if(hotfix_check_sp(win2012:1) <= 0){
  exit(0);
}

## Get System Path
sysPath = smb_get_systemroot();
if(!sysPath){
  exit(0);
}

## Get Version from Winnat.sys file
WinnatVer = fetch_file_version(sysPath, file_name:"system32\drivers\Winnat.sys");
if(!WinnatVer){
  exit(0);
}

if(hotfix_check_sp(win2012:1) > 0)
{
 ## Check for Winnat.sys version
  if(version_is_less(version:WinnatVer, test_version:"6.2.9200.16654") ||
     version_in_range(version:WinnatVer, test_version:"6.2.9200.20000", test_version2:"6.2.9200.20761")){
    security_message(0);
  }
  exit(0);
}

Related

nessus 1
symantec 1
cvelist 1
nvd 1
cve 1
prion 1
checkpoint_advisories 1
openvas 1
securityvulns 1
nessus
nessus
MS13-064: Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)
2013-08-14 00:00:00
symantec
symantec
Microsoft NAT Driver CVE-2013-3182 Denial of Service Vulnerability
2013-08-13 00:00:00
cvelist
cvelist
CVE-2013-3182
2013-08-14 10:00:00
nvd
nvd
CVE-2013-3182
2013-08-14 11:10:36
cve
cve
CVE-2013-3182
2013-08-14 11:10:36
prion
prion
Memory corruption
2013-08-14 11:10:00
checkpoint_advisories
checkpoint_advisories
Microsoft DirectAccess ICMP Denial of Service (MS13-064; CVE-2013-3182)
2013-08-13 00:00:00
openvas
openvas
Microsoft Windows NAT Driver Denial of Service Vulnerability (2849568)
2013-08-14 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2013-09-09 00:00:00

0.347 Low

EPSS

Percentile

97.1%

JSON
Related for OPENVAS:902989
nessus1symantec1cvelist1nvd1cve1prion1checkpoint_advisories1openvas1securityvulns1