Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.900230 |
Kategorie: | Windows : Microsoft Bulletins |
Titel: | Microsoft Windows SMB Server Multiple Vulnerabilities (971468) |
Zusammenfassung: | This host is missing a critical security update according to; Microsoft Bulletin MS10-012. |
Beschreibung: | Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-012. Vulnerability Insight: - An input validation error exists while processing SMB requests and can be exploited to cause a buffer overflow via a specially crafted SMB packet. - An error exists in the SMB implementation while parsing SMB packets during the Negotiate phase causing memory corruption via a specially crafted SMB packet. - NULL pointer dereference error exists in SMB while verifying the 'share' and 'servername' fields in SMB packets causing denial of service. - A lack of cryptographic entropy when the SMB server generates challenges during SMB NTLM authentication and can be exploited to bypass the authentication mechanism. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code or cause a denial of service or bypass the authentication mechanism via brute force technique. Affected Software/OS: - Microsoft Windows 7 - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1/2 and prior - Microsoft Windows Server 2008 Service Pack 1/2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-0020 Cert/CC Advisory: TA10-040A http://www.us-cert.gov/cas/techalerts/TA10-040A.html Microsoft Security Bulletin: MS10-012 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8438 Common Vulnerability Exposure (CVE) ID: CVE-2010-0021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8524 Common Vulnerability Exposure (CVE) ID: CVE-2010-0022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8314 Common Vulnerability Exposure (CVE) ID: CVE-2010-0231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7751 |
Copyright | Copyright (C) 2010 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |