Executive Summary
Summary | |
---|---|
Title | Microsoft SMBv2 signing vulnerability |
Informations | |||
---|---|---|---|
Name | VU#520465 | First vendor Publication | 2007-12-12 |
Vendor | VU-CERT | Last vendor Modification | 2007-12-12 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#520465Microsoft SMBv2 signing vulnerabilityOverviewA vulnerability in the way Microsoft Server Message Block Version 2 (SMBv2) implements digital signing of packets may allow a remote, unauthenticated attacker to gain local user privileges and execute arbitrary code.I. DescriptionMicrosoft Server Message Block (SMB) Protocol is a network file sharing protocol used by default on Windows based computers. SMBv2 is supported on computers running Windows Server 2008 and Windows Vista. SMBv2 packet signing - used over all SMB communications - is critical for enabling recipients to verify the source and authenticity of the packet. A flaw exists in the way SMBv2 implements packet signing which may allow an attacker to modify a packet in transit, gain local user access to the system and execute arbitrary code.II. ImpactA remote, unauthenticated attacker may be able to execute arbitrary code with local user privileges on an affected system.III. SolutionMicrosoft has published Microsoft Security Bulletin MS07-063 in response to this issue. Users are strongly encouraged to review this bulletin and apply the referenced patches.In addition to the patches referenced above, Microsoft has published workarounds for this issue. Users who are unable to apply the patches are strongly encouraged to implement these workarounds as appropriate.
References
This vulnerability was reported by the vendor. This document was written by Joseph W. Pruszynski.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/520465 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:4208 | |||
Oval ID: | oval:org.mitre.oval:def:4208 | ||
Title: | Vulnerability in SMBv2 Could Allow Remote Code Execution | ||
Description: | Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-5351 | Version: | 1 |
Platform(s): | Microsoft Windows Vista | Product(s): | SMBv2 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2011-01-14 | Name : Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) File : nvt/gb_ms07-063.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
39125 | Microsoft Windows Vista SMBv2 Signing Unspecified Remote Code Execution |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2007-12-13 | IAVM : 2007-T-0049 - Microsoft Windows SMBv2 Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0015589 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows SMB SMBv2 protocol negotiation attempt RuleID : 12947 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt RuleID : 12946 - Revision : 10 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-01-07 | Name : It is possible to execute arbitrary code on the remote host. File : smb_kb942624.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : It is possible to execute code on the remote host. File : smb_nt_ms07-063.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-05-08 13:28:05 |
|
2013-05-11 12:26:38 |
|