Source: nessus | File: SMB_NT_MS14-046.NASL
This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Aug 12, 2014 - 12:00 a.m.

MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)

2014-08-12 00:00:00
This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
41

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.087 Low

EPSS

Percentile

94.6%

The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration branch: when the scanner loads the plugin with `description`
# set, only the metadata below is registered and the script exits (exit(0) at
# the end of this block) before any check logic runs.
if (description)
{
  script_id(77164);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/15");

  # Identifiers for correlating this finding with other sources: one CVE, one
  # Bugtraq ID, the bulletin number, and one MSKB xref per update. The same
  # eight KB numbers are repeated in the `kbs` list in the check logic below,
  # so the two lists have to be kept in sync when either is edited.
  script_cve_id("CVE-2014-4062");
  script_bugtraq_id(69145);
  script_xref(name:"MSFT", value:"MS14-046");
  script_xref(name:"MSKB", value:"2937608");
  script_xref(name:"MSKB", value:"2943344");
  script_xref(name:"MSKB", value:"2966825");
  script_xref(name:"MSKB", value:"2966827");
  script_xref(name:"MSKB", value:"2966826");
  script_xref(name:"MSKB", value:"2966828");
  script_xref(name:"MSKB", value:"2937610");
  script_xref(name:"MSKB", value:"2943357");
  script_xref(name:"IAVA", value:"2014-A-0128-S");

  script_name(english:"MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)");
  script_summary(english:"Checks the version of the .NET files.");

  script_set_attribute(attribute:"synopsis", value:
"The version of the .NET Framework installed on the remote host is
affected by a security feature bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host has a version of the Microsoft .NET Framework
that is affected by a vulnerability that could allow an attacker to
bypass the Address Space Layout Randomization (ASLR) security feature.");
  # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-046
  script_set_attribute(attribute:"see_also", value:"https://www.nessus.org/u?5756f036");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for .NET Framework 2.0 SP2,
3.0 SP2, 3.5, and 3.5.1.");
  # CVSS v2 base vector: network, medium complexity, no authentication,
  # partial confidentiality impact and no integrity/availability impact.
  # Triage note: the score covers the ASLR bypass alone. A mitigation bypass
  # matters most on hosts that also carry an unpatched memory-corruption
  # finding, so prioritise those hosts over the 4.3 base score.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  # Temporal vector: exploitability unproven (E:U), official fix available
  # (RL:OF), report confirmed (RC:C).
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  # Static plugin metadata, last touched on the plugin_modification_date
  # above; it is not a live exploit-intelligence signal.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/12");

  # "local" plugin type: the evidence comes from registry values and file
  # versions read from the target (see the check logic below), not from
  # probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_framework");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling prerequisites: two dependency scripts are declared, the
  # "SMB/MS_Bulletin_Checks/Possible" KB key is required, and the plugin needs
  # SMB ports 139/445 or the "Host/patch_management_checks" key.
  # If these are not met the plugin does not run, so no output from it is not
  # evidence that the host is patched.
  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");
include("smb_reg_query.inc");

# Pre-flight: decide whether the host is in scope and collect the registry
# data the per-KB file checks need. Every early exit below ends the script
# without a finding.

# Stop unless the scan KB says bulletin checks are possible on this host.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS14-046';
# KB numbers that make up this bulletin; mirrors the MSKB xrefs registered in
# the description block.
kbs = make_list(
  "2937608",
  "2943344",
  "2966825",
  "2966827",
  "2966826",
  "2966828",
  "2937610",
  "2943357"
);

# When patch-management data is available, hand the bulletin and KB list to
# hotfix_check_3rd_party.
# NOTE(review): whether that helper ends the script or falls through to the
# file checks below is not visible here -- confirm in smb_hotfixes.inc.
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

# The file checks depend on registry enumeration and a known Windows version.
get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

# In scope: Vista SP2, Windows 7 SP1, Windows 8 and Windows 8.1 (with their
# server counterparts, per the per-KB banners further down). Anything else is
# audited as AUDIT_OS_SP_NOT_VULN.
# NOTE(review): presumably a host at an older, unsupported service-pack level
# also lands in this branch and produces no finding -- confirm against
# hotfix_check_sp_range.
if (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# Windows Server 2008 Server Core is not affected.
# '6.0' is matched as a substring of the stored Windows version string.
if ('6.0' >< get_kb_item("SMB/WindowsVersion") && hotfix_check_server_core()) audit(AUDIT_WIN_SERVER_CORE);

productname = get_kb_item_or_exit("SMB/ProductName", exit_code:1);

# Windows RT and Windows RT 8.1 not affected
if ("Windows RT" >< productname)
  exit(0, "The host is running "+productname+" and is, therefore, not affected.");

# The system drive's share must be accessible; otherwise the script audits out
# with AUDIT_SHARE_FAIL instead of reporting.
share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# Read the .NET 3.0 and 3.5 assembly folder values from HKLM. The checks below
# test each result with isnull(): the 3.0 value only gates the 3.0 check,
# while the 3.5 value is also passed as the file path to inspect.
registry_init();
hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);

assembly_dir_30 = get_registry_value(handle:hklm, item:"SOFTWARE\Microsoft\.NETFramework\AssemblyFolders\v3.0\All Assemblies In");

assembly_dir_35 = get_registry_value(handle:hklm, item:"SOFTWARE\Microsoft\.NETFramework\AssemblyFolders\v3.5\All Assemblies In");
RegCloseKey(handle:hklm);

close_registry();

# Running total of the per-KB results; a value above zero at the end of the
# script triggers the report.
vuln = 0;

# Windows Vista SP2 / Server 2008 SP2 (os "6.0", sp 2).
# Each KB is tested with two hotfix_is_vulnerable calls on the same file, each
# with its own min_version/version pair; presumably one pair per servicing
# branch of the update -- confirm against the KB file tables.
# NOTE(review): only the 32-bit \Microsoft.NET\Framework directory is named
# here. Whether the Framework64 copy is also inspected is not visible in this
# file.

########## KB2937608 ###########
# .NET Framework 2.0 SP2       #
# Windows Vista SP2            #
# Windows Server 2008 SP2      #
################################
missing = 0;
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"mscorlib.dll", version:"2.0.50727.7067", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"mscorlib.dll", version:"2.0.50727.4252", min_version:"2.0.50727.4000", dir:"\Microsoft.NET\Framework\v2.0.50727");

# Attribute the finding to the KB, then fold it into the running total.
if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2937608");
vuln += missing;

########## KB2943344 ###########
# .NET Framework 3.0 SP2       #
# Windows Vista SP2            #
# Windows Server 2008 SP2      #
################################
# The v3.0 AssemblyFolders registry value only gates this check; it is not
# used as a path. The file inspected is icardres.dll under \system32.
if (!isnull(assembly_dir_30))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"icardres.dll", version:"3.0.4506.4223", min_version:"3.0.4506.4000", dir:"\system32");
  missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"icardres.dll", version:"3.0.4506.7082", min_version:"3.0.4506.5000", dir:"\system32");

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2943344");
  vuln += missing;
}

# Windows 7 SP1 / Server 2008 R2 SP1 (os "6.1", sp 1). Both KBs are run
# unconditionally and both look in the v2.0.50727 directory.

########## KB2943357 ###########
# .NET Framework 3.5.1         #
# Windows 7 SP1                #
# Windows Server 2008 R2 SP1   #
################################
# NOTE(review): the Windows 8 / 8.1 checks for system.runtime.serialization.dll
# use the registry-provided 3.5 assembly path, while this one uses the
# v2.0.50727 directory. If the file is not at that location the check may be
# unable to flag a missing update -- confirm the location and how
# hotfix_is_vulnerable treats an absent file.
missing = 0;
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.runtime.serialization.dll", version:"3.0.4506.5461", min_version:"3.0.4506.5000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.runtime.serialization.dll", version:"3.0.4506.7082", min_version:"3.0.4506.7000", dir:"\Microsoft.NET\Framework\v2.0.50727");

# Attribute the finding to the KB, then fold it into the running total.
if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2943357");
vuln += missing;

########## KB2937610 ###########
# .NET Framework 3.5.1         #
# Windows 7 SP1                #
# Windows Server 2008 R2 SP1   #
################################
# Keyed on system.xml.dll, again with two min_version/version pairs.
missing = 0;
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.xml.dll", version:"2.0.50727.5483", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.xml.dll", version:"2.0.50727.7057", min_version:"2.0.50727.7000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2937610");
vuln += missing;

# Windows 8 / Server 2012 (os "6.2", sp 0).

########## KB2966827 ###########
# .NET Framework 3.5           #
# Windows 8                    #
# Windows Server 2012          #
################################
# Runs only when the v3.5 AssemblyFolders registry value was read. That value
# is passed as `path`, so the file is looked up where the registry points
# rather than under a hard-coded directory.
# When the value is null this KB is skipped and contributes nothing to `vuln`.
if (!isnull(assembly_dir_35))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.runtime.serialization.dll", version:"3.0.4506.6416", min_version:"3.0.4506.6000", path:assembly_dir_35);
  missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.runtime.serialization.dll", version:"3.0.4506.7082", min_version:"3.0.4506.7000", path:assembly_dir_35);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2966827");
  vuln += missing;
}

########## KB2966825 ###########
# .NET Framework 3.5           #
# Windows 8                    #
# Windows Server 2012          #
################################
# Not gated on the registry value: mscorlib.dll is checked in the v2.0.50727
# directory.
missing = 0;
missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"mscorlib.dll", version:"2.0.50727.6419", min_version:"2.0.50727.6000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"mscorlib.dll", version:"2.0.50727.7057", min_version:"2.0.50727.7000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2966825");
vuln += missing;

# Windows 8.1 / Server 2012 R2 (os "6.3", sp 0).
# Unlike the earlier OS sections, the second call in each pair uses a
# min_version ending in ".0", so its range has no meaningful lower bound. The
# first call covers the narrow 86xx range.

########## KB2966828 ###########
# .NET Framework 3.5           #
# Windows 8.1                  #
# Windows Server 2012 R2       #
################################
# Runs only when the v3.5 AssemblyFolders registry value was read; that value
# is the lookup path. A null value skips this KB.
if (!isnull(assembly_dir_35))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"system.runtime.serialization.dll", version:"3.0.4506.8603", min_version:"3.0.4506.8600", path:assembly_dir_35);
  missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"system.runtime.serialization.dll", version:"3.0.4506.8003", min_version:"3.0.4506.0", path:assembly_dir_35);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2966828");
  vuln += missing;
}

########## KB2966826 ###########
# .NET Framework 3.5           #
# Windows 8.1                  #
# Windows Server 2012 R2       #
################################
# Not gated on the registry value: mscorlib.dll is checked in the v2.0.50727
# directory.
missing = 0;
missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"mscorlib.dll", version:"2.0.50727.8612", min_version:"2.0.50727.8600", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"mscorlib.dll", version:"2.0.50727.8007", min_version:"2.0.50727.0", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2966826");
vuln += missing;

# Final verdict. `vuln` is the sum of every per-KB result above.
if(vuln > 0)
{
  # Record the missing bulletin in the scan KB under "SMB/Missing/MS14-046",
  # then emit the report at warning severity.
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_warning();
  # Called on both branches before the script ends; presumably it releases
  # the resources used by the file-version checks -- confirm in the include.
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  # No version range matched. KBs skipped because a registry value was null
  # also end up here, so "not affected" means no missing update was found
  # among the checks that actually ran.
  audit(AUDIT_HOST_NOT, "affected");
}
Vendor | Product | Version | CPE
microsoft | .net_framework | | cpe:/a:microsoft:.net_framework

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.087 Low

EPSS

Percentile

94.6%