 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.900091 |
| Categoría: | Malware |
| Título: | Conficker Detection |
| Resumen: | This host seems to be contaminated with infectious Conficker Worm. |
| Descripción: | Summary: This host seems to be contaminated with infectious Conficker Worm. Vulnerability Insight: Conficker is a worm that spreads on Windows Platforms. This malware could spread Windows file shares protected with weak passwords or to which a logged on domain administrator has access, by copying itself to removable storage devices and by exploiting the MS08-067 Windows Server service vulnerability. This malware generates infections files to set up to run as a service and also using a random name when Windows starts under system32, and tries to modify permissions on the service registry entries so that they are not visible to the user. Such registry entries are under, 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost' and 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RANDOM_SERVICE_NAME' The plugin determines Conficker variants B or C. It likely works against systems that allow anonymous login, otherwise Credentials can be supplied. Vulnerability Impact: Successful exploitation could allow remote attackers to take complete control of an affected system and capable of stealing all kind of sensitive information and can even spread across the Network. Affected Software/OS: - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. Additionally use a Conficker Removal Tool, or a known Security Product to remove the conficker worm. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-4250 BugTraq ID: 31874 http://www.securityfocus.com/bid/31874 Bugtraq: 20081026 Windows RPC MS08-067 FAQ document released (Google Search) http://www.securityfocus.com/archive/1/497808/100/0/threaded Bugtraq: 20081027 Windows RPC MS08-067 FAQ document updated (Google Search) http://www.securityfocus.com/archive/1/497816/100/0/threaded Cert/CC Advisory: TA08-297A http://www.us-cert.gov/cas/techalerts/TA08-297A.html Cert/CC Advisory: TA09-088A http://www.us-cert.gov/cas/techalerts/TA09-088A.html CERT/CC vulnerability note: VU#827267 http://www.kb.cert.org/vuls/id/827267 https://www.exploit-db.com/exploits/6824 https://www.exploit-db.com/exploits/6841 https://www.exploit-db.com/exploits/7104 https://www.exploit-db.com/exploits/7132 HPdes Security Advisory: HPSBST02386 http://marc.info/?l=bugtraq&m=122703006921213&w=2 HPdes Security Advisory: SSRT080164 http://blogs.securiteam.com/index.php/archives/1150 Microsoft Security Bulletin: MS08-067 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6093 http://www.securitytracker.com/id?1021091 http://secunia.com/advisories/32326 http://www.vupen.com/english/advisories/2008/2902 XForce ISS Database: win-server-rpc-code-execution(46040) https://exchange.xforce.ibmcloud.com/vulnerabilities/46040 |
| Copyright | Copyright (C) 2009 Greenbone Networks GmbH |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |