Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214) |
Information | |||
---|---|---|---|
Name | MS10-054 | First vendor Publication | 2010-08-10 |
Vendor | Microsoft | Last vendor Modification | 2010-11-09 |
Severity (Vendor) | Critical | Revision | 1.3 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Revision Note: V1.3 (November 9, 2010): Added an update FAQ to announce a detection change that corrects the replaced bulletin for supported editions of Windows Vista and Windows Server 2008. This is a detection change only. There were no changes to the security update files. Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-054.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-20 | Improper Input Validation |
33 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11106 | |||
Oval ID: | oval:org.mitre.oval:def:11106 | ||
Title: | SMB Pool Overflow Vulnerability | ||
Description: | The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2550 | Version: | 5 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12015 | |||
Oval ID: | oval:org.mitre.oval:def:12015 | ||
Title: | SMB Variable Validation Vulnerability | ||
Description: | The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2551 | Version: | 5 |
Platform(s): | Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12072 | |||
Oval ID: | oval:org.mitre.oval:def:12072 | ||
Title: | SMB Stack Exhaustion Vulnerability | ||
Description: | Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2552 | Version: | 5 |
Platform(s): | Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-08-10 | Microsoft SMB Server Trans2 Zero Size Pool Alloc (MS10-054) |
OpenVAS Exploits
Date | Description |
---|---|
2012-02-29 | Name : MicroSoft SMB Server Trans2 Request Remote Code Execution Vulnerability File : nvt/secpod_ms10-054_remote.nasl |
2010-08-11 | Name : Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214) File : nvt/secpod_ms10-054.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
66976 | Microsoft Windows SMB Server Compounded Request Handling Stack Exhaustion Rem... Microsoft Windows contains a flaw that may allow a denial of service. The issue is triggered when an error in handling Server Message Block (SMB) version 2 compounded requests is exploited via a specially crafted SMB packet. It can cause a system running the Server service to stop responding. |
66975 | Microsoft Windows SMB Server Crafted Packet Handling Unspecified Remote DoS Microsoft Windows contains a flaw that may allow a denial of service. The issue is triggered when a variable validation error in parsing Server Message Block (SMB) packets is exploited via a specially crafted SMB packet, and it can cause a system running the Server service to stop responding. |
66974 | Microsoft Windows SMB Server SMB_COM_TRANSACTION2 Request Handling Remote Cod... Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to an error in validating certain Server Message Block (SMB) fields, which can be exploited to cause an SMB pool overflow via a specially crafted SMB_COM_TRANSACTION2 request to a system running the Server service, and it can allow execution of arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2015-05-28 | BytesIndicated validation dos attempt RuleID : 17127 - Revision : 5 - Type : NETBIOS |
2014-01-10 | Microsoft Windows SMB large session length with small packet RuleID : 17126 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB Trans2 MaxDataCount overflow attempt RuleID : 17125 - Revision : 11 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMBv2 compound request DoS attempt RuleID : 16577 - Revision : 9 - Type : OS-WINDOWS |
Metasploit Database
id | Description |
---|---|
2020-05-23 | Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-08-23 | Name : It is possible to execute arbitrary code on the remote Windows host due to fl... File : smb_pool_overflow.nasl - Type : ACT_GATHER_INFO |
2010-08-11 | Name : It is possible to execute arbitrary code on the remote Windows host due to fl... File : smb_nt_ms10-054.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-05-23 13:17:13 | |
2016-03-06 00:24:25 | |
2016-03-05 21:25:10 | |
2015-05-28 21:26:36 | |
2014-02-17 11:46:38 | |
2014-01-19 21:30:30 | |