 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.900057 |
| Kategorie: | Windows : Microsoft Bulletins |
| Titel: | SMB Could Allow Remote Code Execution Vulnerability (957097) |
| Zusammenfassung: | This host is missing a critical security update according to; Microsoft Bulletin MS08-068. |
| Beschreibung: | Summary: This host is missing a critical security update according to Microsoft Bulletin MS08-068. Vulnerability Insight: Issue exists due to the way that Server Message Block (SMB) Protocol handles NTLM credentials when a user connects to an attacker's SMB server. Vulnerability Impact: Successful exploitation could allow attacker to replay the user's credentials back to them and execute code in the context of the logged-on user. They can get complete control of an affected system to view, change, or delete data or creating new accounts with full user rights. complete control of an affected system. Affected Software/OS: - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1 and prior - Microsoft Windows 2008 Server Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-4037 BugTraq ID: 7385 http://www.securityfocus.com/bid/7385 Cert/CC Advisory: TA08-316A http://www.us-cert.gov/cas/techalerts/TA08-316A.html https://www.exploit-db.com/exploits/7125 HPdes Security Advisory: HPSBST02386 http://marc.info/?l=bugtraq&m=122703006921213&w=2 HPdes Security Advisory: SSRT080164 http://www.networkworld.com/news/2008/111208-microsoft-seven-year-security-patch.html http://www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch http://www.securityfocus.com/data/vulnerabilities/exploits/backrush.patch.README http://www.veracode.com/blog/2008/11/microsoft-fixes-8-year-old-design-flaw-in-smb/ http://www.xfocus.net/articles/200305/smbrelay.html Microsoft Security Bulletin: MS08-068 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-068 http://osvdb.org/49736 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6012 http://securitytracker.com/id?1021163 http://secunia.com/advisories/32633 http://www.vupen.com/english/advisories/2008/3110 |
| Copyright | Copyright (C) 2008 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |