Búsqueda de    
Vulnerabilidad   
    Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.902269
Categoría:Windows : Microsoft Bulletins
Título:Microsoft Windows SMB Server NTLM Multiple Vulnerabilities (971468)
Resumen:This host is missing a critical security update according to; Microsoft Bulletin MS10-012.
Descripción:Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS10-012.

Vulnerability Insight:
- An input validation error exists while processing SMB requests and can
be exploited to cause a buffer overflow via a specially crafted SMB packet.

- An error exists in the SMB implementation while parsing SMB packets during
the Negotiate phase causing memory corruption via a specially crafted SMB packet.

- NULL pointer dereference error exists in SMB while verifying the 'share'
and 'servername' fields in SMB packets causing denial of service.

- A lack of cryptographic entropy when the SMB server generates challenges
during SMB NTLM authentication and can be exploited to bypass the authentication mechanism.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code or cause a denial of service or bypass the authentication mechanism via brute force technique.

Affected Software/OS:
- Microsoft Windows 7

- Microsoft Windows 2000 Service Pack and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows Vista Service Pack 2 and prior

- Microsoft Windows Server 2003 Service Pack 2 and prior

- Microsoft Windows Server 2008 Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0020
Cert/CC Advisory: TA10-040A
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
Microsoft Security Bulletin: MS10-012
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8438
Common Vulnerability Exposure (CVE) ID: CVE-2010-0021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8524
Common Vulnerability Exposure (CVE) ID: CVE-2010-0022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8314
Common Vulnerability Exposure (CVE) ID: CVE-2010-0231
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7751
CopyrightCopyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2025 E-Soft Inc. Todos los derechos reservados.