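##############################################################################
#
#  Buffer overrun in RPC Interface (823980)
#
#  Copyright: OS2A and it's member companies
#
#  Date Written: 2006/06/02
#
#  $Revision: 1.2 $
#
#  $Log: smb_nt_ms03-026.nasl,v $
#  Revision 1.2  2006/06/07 05:29:39  ajagadeesh
#  Checked for:
#  - Win2k update roll up
#  - Win NT
#
#  Revision 1.1  2006/06/02 17:22:43  shraddha
#  Bugfixes: Checked for superceded patches.
#
#
#  ------------------------------------------------------------------------
#  This program was written by OS2A and/or it's member companies and is
#  licensed under the GNU GPL license. Please see below for details.  This
#  header contains information regarding licensing terms under the GPL, and
#  information regarding obtaining source code from the Author.  Consequently,
#  pursuant to section 3(c) of the GPL, you must accompany the information
#  found in this header with any distribution you make of this Program.
#  ------------------------------------------------------------------------
##############################################################################

# Local patch-audit check for the RPC interface buffer overrun (KB 823980).
# The script is registered as ACT_GATHER_INFO: it only reads the knowledge
# base and the registry and reports a finding when neither the original
# hotfix nor any of the superseding hotfixes it knows about is recorded.
# NOTE(review): the verdict depends entirely on the data collected by the
# dependency scripts; presumably a scan without registry access cannot give
# a reliable answer here -- confirm how smb_hotfixes.nasl handles that case.

if(description)
{
  script_id(11790);
  script_bugtraq_id(8205, 8458, 8460);
  script_cve_id("CVE-2003-0352", "CVE-2003-0715", "CVE-2003-0528", "CVE-2003-0605");
  script_version("$Revision: 1.2 $");
  script_copyright(english:"Copyright (C) 2006 OS2A");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_name(english:"Buffer overrun in RPC Interface (823980)");
  script_summary(english:"Checks for hotfix Q823980 /Superceded patches");

  # The report text is kept exactly as it is emitted today, including its
  # single embedded line break.
  desc["english"] = " Overview : The remote host is running a version of Windows which has a flaw in its RPC interface, which may allow an attacker to execute arbitrary code and gain SYSTEM privileges. 
Solution : Refer the following bulletins, http://www.microsoft.com/technet/security/bulletin/ms03-026.mspx http://www.microsoft.com/technet/security/bulletin/ms03-039.mspx http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx http://www.microsoft.com/technet/security/bulletin/ms04-029.mspx http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx http://www.microsoft.com/technet/security/bulletin/ms05-051.mspx http://www.microsoft.com/technet/security/bulletin/ms06-018.mspx Risk factor : High";

  script_description(english:desc["english"]);
  script_dependencies("smb_hotfixes.nasl", "msrpc_dcom2.nasl");
  script_require_keys("SMB/WindowsVersion");
  exit(0);
}

include("smb_hotfixes.inc");
include("smb_nt.inc");
include("ntlmv2.inc");

# Stop unless the host is one of the covered OS families at a service pack
# level below the one given for it.
# NOTE(review): this reading of hotfix_check_sp() (> 0 means "affected OS and
# service pack") is inferred from how the result is used here -- confirm
# against smb_hotfixes.inc.
if(hotfix_check_sp(nt:7, win2k:5, xp:2, win2003:1) <= 0) exit(0);

# Check if Update Roll Up 1 is applied for Win2K SP4.
# The condition must guard the block directly: with a ';' after the closing
# parenthesis the 'if' would control an empty statement, and the registry
# lookup and its early exit would run on every host instead of only on
# hosts whose KB entry reports Service Pack 4.
if("Service Pack 4" >< get_kb_item("SMB/Win2K/ServicePack"))
{
  updateRollup = cx_registry_key_exists(
      key:"SOFTWARE\Microsoft\Updates\Windows 2000\SP5\Update Rollup 1");
  if(updateRollup)
  {
    # The rollup is treated as containing the fix, so nothing is reported.
    exit(0);
  }
}

# One flag per bulletin; a value > 0 is treated below as "this hotfix is not
# recorded as installed".
ms03_026 = hotfix_missing(name:"823980");
ms03_039 = hotfix_missing(name:"824146");
ms04_012 = hotfix_missing(name:"828741");
ms04_029 = hotfix_missing(name:"873350");
ms05_012 = hotfix_missing(name:"873333");
ms05_051 = hotfix_missing(name:"902400");
ms06_018 = hotfix_missing(name:"913580");

# A host is reported only when the original hotfix AND every superseding
# hotfix considered for its OS are missing; any single one of them being
# present suppresses the finding. The set differs per OS: 913580 is only
# consulted for Windows 2000 and 873350 only for Windows NT.
if(hotfix_check_sp(win2k:5) > 0)
{
  if(ms03_026 > 0 && ms03_039 > 0 && ms04_012 > 0 &&
     ms05_012 > 0 && ms05_051 > 0 && ms06_018 > 0)
  {
    security_hole(get_kb_item("SMB/transport"));
  }
}
else if(hotfix_check_sp(xp:2) > 0)
{
  if(ms03_026 > 0 && ms03_039 > 0 && ms04_012 > 0 &&
     ms05_012 > 0 && ms05_051 > 0)
  {
    security_hole(get_kb_item("SMB/transport"));
  }
}
else if(hotfix_check_sp(win2003:1) > 0)
{
  if(ms03_026 > 0 && ms03_039 > 0 && ms04_012 > 0 &&
     ms05_012 > 0 && ms05_051 > 0)
  {
    security_hole(get_kb_item("SMB/transport"));
  }
}
else if(hotfix_check_sp(nt:7) > 0)
{
  if(ms03_026 > 0 && ms03_039 > 0 && ms04_012 > 0 && ms04_029 > 0)
  {
    security_hole(get_kb_item("SMB/transport"));
  }
}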