Executive Summary

Summary
Title Vulnerability in NFS Server Could Allow Denial of Service (2790978)
Informations
Name MS13-014 First vendor Publication 2013-02-12
Vendor Microsoft Last vendor Modification 2013-02-12
Severity (Vendor) Important Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.0 (February 12, 2013) Bulletin published.

Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker attempts a file operation on a read only share. An attacker who exploited this vulnerability could cause the affected system to stop responding and restart. The vulnerability only affects Windows servers with the NFS role enabled.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms13-014

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:16388
 
Oval ID: oval:org.mitre.oval:def:16388
Title: Microsoft NFS Server Denial Of Service Vulnerability - MS13-014
Description: The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1281
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 2
Os 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-02-14 IAVM : 2013-B-0013 - Microsoft NFS Server Denial of Service Vulnerability
Severity : Category I - VMSKEY : V0036830

Snort® IPS/IDS

Date Description
2016-10-11 Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt
RuleID : 40065 - Revision : 4 - Type : OS-WINDOWS
2016-10-11 Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt
RuleID : 40064 - Revision : 2 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2013-02-12 Name : The remote Windows host is potentially affected by a denial of service vulner...
File : smb_nt_ms13-014.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2014-02-17 11:47:33
  • Multiple Updates
2013-11-11 12:41:32
  • Multiple Updates
2013-02-13 21:22:16
  • Multiple Updates
2013-02-13 13:21:00
  • Multiple Updates
2013-02-12 21:18:28
  • First insertion