Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.SMB_NT_MS06-025.NASL
HistoryJun 13, 2006 - 12:00 a.m.

MS06-025: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)

2006-06-1300:00:00
This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
www.tenable.com
71

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.939

Percentile

99.1%

JSON

The remote version of Windows contains a version of RRAS (Routing and Remote Access Service) that has several memory corruption vulnerabilities.

An attacker may exploit these flaws to execute code on the remote service.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(21689);
 script_version("1.37");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 script_cve_id("CVE-2006-2370", "CVE-2006-2371");
 script_bugtraq_id(18325, 18358, 18424);
 script_xref(name:"MSFT", value:"MS06-025");
 script_xref(name:"MSKB", value:"911280");

 script_name(english:"MS06-025: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)");
 script_summary(english:"Determines the presence of update 911280");

 script_set_attribute(attribute:"synopsis", value:
"It is possible to execute code on the remote host.");
 script_set_attribute(attribute:"description", value:
"The remote version of Windows contains a version of RRAS (Routing and
Remote Access Service) that has several memory corruption
vulnerabilities.

An attacker may exploit these flaws to execute code on the remote
service.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-025");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP and
2003.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'MS06-025 Microsoft RRAS Service Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');

 script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/13");
 script_set_attribute(attribute:"patch_publication_date", value:"2006/06/13");
 script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/13");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS06-025';
kb = '911280';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'4,5', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Rasmans.dll", version:"5.2.3790.529", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.2", sp:1, file:"Rasmans.dll", version:"5.2.3790.2697", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.1", sp:1, file:"Rasmans.dll", version:"5.1.2600.1842", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.1", sp:2, file:"Rasmans.dll", version:"5.1.2600.2908", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.0",       file:"Rasmans.dll", version:"5.0.2195.7093", dir:"\system32", bulletin:bulletin, kb:kb) )
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();

  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

securityvulns 1
nessus 1
openvas 2
cvelist 2
saint 8
packetstorm 2
checkpoint_advisories 2
cve 2
cert 2
canvas 2
nvd 2
prion 2
nmap 1
securityvulns
securityvulns
Microsoft Security Bulletin MS06-025 Vulnerability in Routing and Remote Access Could Allow Remote Code Execution &#40;911280&#41;
2006-06-13 00:00:00
nessus
nessus
MS06-025: Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280) (uncredentialed check)
2006-06-13 00:00:00
openvas
openvas
Nmap NSE 6.01: smb-check-vulns
2013-02-28 00:00:00
Nmap NSE: SMB Check Vulnerabilities
2010-09-23 00:00:00
cvelist
cvelist
CVE-2006-2370
2006-06-13 19:00:00
CVE-2006-2371
2006-06-13 19:00:00
saint
saint
Windows RRAS memory corruption vulnerability
2006-06-30 00:00:00
Windows RASMAN registry corruption vulnerability
2006-07-28 00:00:00
Windows RASMAN registry corruption vulnerability
2006-07-28 00:00:00
packetstorm
packetstorm
Microsoft RRAS Service Overflow
2009-11-26 00:00:00
Microsoft RRAS Service RASMAN Registry Overflow
2009-11-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows RAS Manager Registry Corruption (CVE-2006-2371)
2013-10-13 00:00:00
Microsoft Windows RRAS Memory Corruption (CVE-2006-2370)
2010-08-18 00:00:00
cve
cve
CVE-2006-2371
2006-06-13 19:06:00
CVE-2006-2370
2006-06-13 19:06:00
cert
cert
Microsoft Remote Access Connection Manager service vulnerable to buffer overflow
2006-06-13 00:00:00
Microsoft Routing and Remote Access does not properly handle RPC requests
2006-06-13 00:00:00
canvas
canvas
Immunity Canvas: MS06_025
2006-06-13 19:06:00
Immunity Canvas: MS06_025B
2006-06-13 15:06:00
nvd
nvd
CVE-2006-2371
2006-06-13 19:06:00
CVE-2006-2370
2006-06-13 19:06:00
prion
prion
Memory corruption
2006-06-13 19:06:00
Buffer overflow
2006-06-13 19:06:00
nmap
nmap
smb-vuln-ms06-025 NSE Script
2015-10-03 06:07:49

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.939

Percentile

99.1%

JSON
Related for SMB_NT_MS06-025.NASL
securityvulns1nessus1openvas2cvelist2saint8packetstorm2checkpoint_advisories2cve2cert2canvas2nvd2prion2nmap1