Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.900230
Kategorie:Windows : Microsoft Bulletins
Titel:Microsoft Windows SMB Server Multiple Vulnerabilities (971468)
Zusammenfassung:This host is missing a critical security update according to; Microsoft Bulletin MS10-012.
Beschreibung:Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS10-012.

Vulnerability Insight:
- An input validation error exists while processing SMB requests and can
be exploited to cause a buffer overflow via a specially crafted SMB packet.

- An error exists in the SMB implementation while parsing SMB packets during
the Negotiate phase causing memory corruption via a specially crafted SMB
packet.

- NULL pointer dereference error exists in SMB while verifying the 'share'
and 'servername' fields in SMB packets causing denial of service.

- A lack of cryptographic entropy when the SMB server generates challenges
during SMB NTLM authentication and can be exploited to bypass the
authentication mechanism.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code or cause a denial of service or bypass the authentication mechanism
via brute force technique.

Affected Software/OS:
- Microsoft Windows 7

- Microsoft Windows 2K Service Pack 4 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1/2 and prior

- Microsoft Windows Server 2008 Service Pack 1/2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-0020
Cert/CC Advisory: TA10-040A
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
Microsoft Security Bulletin: MS10-012
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8438
Common Vulnerability Exposure (CVE) ID: CVE-2010-0021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8524
Common Vulnerability Exposure (CVE) ID: CVE-2010-0022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8314
Common Vulnerability Exposure (CVE) ID: CVE-2010-0231
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7751
CopyrightCopyright (C) 2010 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.