Executive Summary
| Summary | |
|---|---|
| Title | Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468) |
| Informations | |||
|---|---|---|---|
| Name | MS10-012 | First vendor Publication | 2010-02-09 |
| Vendor | Microsoft | Last vendor Modification | 2010-02-10 |
| Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.1 (February 10, 2010): Corrected the FAQ for SMB Null Pointer Vulnerability |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS10-012.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-20 | Improper Input Validation |
| 17 % | CWE-362 | Race Condition |
| 17 % | CWE-310 | Cryptographic Issues |
| 17 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 17 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:7751 | |||
| Oval ID: | oval:org.mitre.oval:def:7751 | ||
| Title: | SMB NTLM Authentication Lack of Entropy Vulnerability | ||
| Description: | The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0231 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8314 | |||
| Oval ID: | oval:org.mitre.oval:def:8314 | ||
| Title: | SMB Null Pointer Vulnerability | ||
| Description: | The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0022 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8438 | |||
| Oval ID: | oval:org.mitre.oval:def:8438 | ||
| Title: | SMB Pathname Overflow Vulnerability | ||
| Description: | The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0020 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8524 | |||
| Oval ID: | oval:org.mitre.oval:def:8524 | ||
| Title: | SMB Memory Corruption Vulnerability | ||
| Description: | Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0021 | Version: | 3 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-10-17 | Windows NTLM Weak Nonce Vulnerability |
| 2010-04-17 | Windows 7/2008R2 SMB Client Trans2 Stack Overflow 10-020 PoC |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-10-22 | Name : Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468) File : nvt/secpod_ms10-012-remote.nasl |
| 2010-02-10 | Name : Microsoft Windows SMB Server Multiple Vulnerabilities (971468) File : nvt/secpod_ms10-012.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 62256 | Microsoft Windows SMB Server Crafted Network Message Remote Code Execution The SMB server in Microsoft Windows is prone to an overflow condition. The service fails to properly sanitize user-supplied input when handling path names resulting in an overflow. With a specially crafted SMB request, an authenticated attacker can potentially cause execution of arbitrary code or a denial of service. |
| 62255 | Microsoft Windows SMB Server Crafted Packet Handling Remote DoS |
| 62254 | Microsoft Windows SMB Server Crafted Packet Handling NULL Dereference Remote DoS |
| 62253 | Microsoft Windows SMB Server NTLM Authentication Nonce Entropy Weakness Flaws in Microsoft's implementation of the NTLM challenge-response authentication protocol causing the server to generate duplicate challenges/nonces and an information leak allow an unauthenticated remote attacker without any kind of credentials to access the SMB service of the target system under the credentials of an authorized user. Depending on the privileges of the user, the attacker will be able to obtain and modify files on the target system and execute arbitrary code. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-06-12 | SMB client NULL deref race condition attempt RuleID : 46637 - Revision : 1 - Type : NETBIOS |
| 2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 17723 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | SMB client NULL deref race condition attempt RuleID : 16418 - Revision : 10 - Type : NETBIOS |
| 2014-01-10 | Microsoft Windows SMB unicode invalid server name share access RuleID : 16404 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB unicode andx invalid server name share access RuleID : 16403 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB invalid server name share access RuleID : 16402 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB andx invalid server name share access RuleID : 16401 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB unicode invalid server name share access RuleID : 16400 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB unicode andx invalid server name share access RuleID : 16399 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB invalid server name share access RuleID : 16398 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB andx invalid server name share access RuleID : 16397 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | SMB server srvnet.sys driver race condition attempt RuleID : 16396 - Revision : 5 - Type : NETBIOS |
| 2014-01-10 | Microsoft Windows SMB COPY command oversized pathname attempt RuleID : 16395 - Revision : 7 - Type : OS-WINDOWS |
| 2014-01-10 | Telnet-based NTLM replay attack attempt RuleID : 15847 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | SMB replay attempt via NTLMSSP - overlapping encryption keys detected RuleID : 15453 - Revision : 16 - Type : OS-WINDOWS |
| 2014-01-10 | Web-based NTLM replay attack attempt RuleID : 15124 - Revision : 17 - Type : OS-WINDOWS |
| 2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 15009 - Revision : 22 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-09-13 | Name : It is possible to execute arbitrary code on the remote Windows host due to fl... File : smb_kb971468.nasl - Type : ACT_GATHER_INFO |
| 2010-02-09 | Name : It is possible to execute arbitrary code on the remote Windows host due to fl... File : smb_nt_ms10-012.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-04-26 22:58:47 |
|
| 2014-02-17 11:46:28 |
|
| 2014-01-19 21:30:26 |
|
