Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.SMB_NT_MS14-053.NASL
HistorySep 10, 2014 - 12:00 a.m.

MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931)

2014-09-1000:00:00
This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
www.tenable.com
75

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.096 Low

EPSS

Percentile

94.8%

JSON

The remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that allows a remote attacker to cause a denial of service by sending specially crafted requests to an ASP.NET web application running on the affected system.

Note that ASP.NET is not installed by default and ASP.NET must be registered and enabled for the host to be affected.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77573);
  script_version("1.13");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2014-4072");
  script_bugtraq_id(69603);
  script_xref(name:"MSFT", value:"MS14-053");
  script_xref(name:"MSKB", value:"2972207");
  script_xref(name:"MSKB", value:"2972211");
  script_xref(name:"MSKB", value:"2972212");
  script_xref(name:"MSKB", value:"2972213");
  script_xref(name:"MSKB", value:"2972214");
  script_xref(name:"MSKB", value:"2972215");
  script_xref(name:"MSKB", value:"2972216");
  script_xref(name:"MSKB", value:"2973112");
  script_xref(name:"MSKB", value:"2973113");
  script_xref(name:"MSKB", value:"2973114");
  script_xref(name:"MSKB", value:"2973115");
  script_xref(name:"MSKB", value:"2974268");
  script_xref(name:"MSKB", value:"2974269");
  script_xref(name:"MSKB", value:"2977765");
  script_xref(name:"MSKB", value:"2977766");

  script_name(english:"MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931)");
  script_summary(english:"Checks the version of the .NET files.");

  script_set_attribute(attribute:"synopsis", value:
"The version of the .NET Framework installed on the remote host is
affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host has a version of the Microsoft .NET Framework
that is affected by a vulnerability that allows a remote attacker to
cause a denial of service by sending specially crafted requests to an
ASP.NET web application running on the affected system.

Note that ASP.NET is not installed by default and ASP.NET must be
registered and enabled for the host to be affected.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-053");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for .NET Framework 1.1 SP1,
2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_framework");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "microsoft_net_framework_installed.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_reg_query.inc");
include("misc_func.inc");
include("install_func.inc");

# Windows Embedded is not supported by Nessus
# There are cases where this plugin is flagging embedded
# hosts improperly since this update does not apply
# to those machines
productname = get_kb_item("SMB/ProductName");
if ("Windows Embedded" >< productname)
  exit(0, "Nessus does not support bulletin / patch checks for Windows Embedded.");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS14-053';
kbs = make_list(
  "2972207",
  "2972211",
  "2972212",
  "2972213",
  "2972214",
  "2972215",
  "2972216",
  "2973112",
  "2973113",
  "2973114",
  "2973115",
  "2974268",
  "2974269",
  "2977765",
  "2977766"
);

if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# Windows 2008 Server Server Core is not affected.
if ('6.0' >< get_kb_item("SMB/WindowsVersion") && hotfix_check_server_core()) audit(AUDIT_WIN_SERVER_CORE);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

dotnet_452_installed = FALSE;
dotnet_451_installed = FALSE;
dotnet_45_installed  = FALSE;

# Determine if .NET 4.5, 4.5.1, or 4.5.2 is installed
count = get_install_count(app_name:'Microsoft .NET Framework');
if (count > 0)
{
  installs = get_installs(app_name:'Microsoft .NET Framework');
  foreach install(installs[1])
  {
    ver = install["version"];
    if (ver == "4.5") dotnet_45_installed = TRUE;
    if (ver == "4.5.1") dotnet_451_installed = TRUE;
    if (ver == "4.5.2") dotnet_452_installed = TRUE;
  }
}

registry_init();
hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
assembly_dir_30 = get_registry_value(handle:hklm, item:"SOFTWARE\Microsoft\.NETFramework\AssemblyFolders\v3.0\All Assemblies In");
RegCloseKey(handle:hklm);
close_registry(close:FALSE);

vuln = 0;

########## KB2977765 ###########
# .NET Framework 4.5.1 / 4.5.2 #
# Windows 8.1                  #
# Windows RT 8.1               #
# Windows Server 2012 R2       #
################################
missing = 0;
if (dotnet_451_installed || dotnet_452_installed)
{
  missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"system.runtime.serialization.dll", version:"4.0.30319.34209", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
  missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"system.runtime.serialization.dll", version:"4.0.30319.36213", min_version:"4.0.30319.35000", dir:"\Microsoft.NET\Framework\v4.0.30319");
}

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2977765");
vuln += missing;

########### KB2977766 ############
# .NET Framework 4.5/4.5.1/4.5.2 #
# Windows 8                      #
# Windows RT                     #
# Windows Server 2012            #
##################################
missing = 0;
if (dotnet_45_installed || dotnet_451_installed || dotnet_452_installed)
{
  missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.runtime.serialization.dll", version:"4.0.30319.34230", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
  missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.runtime.serialization.dll", version:"4.0.30319.36241", min_version:"4.0.30319.35000", dir:"\Microsoft.NET\Framework\v4.0.30319");
}

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2977766");
vuln += missing;

########### KB2972216 ############
# .NET Framework 4.5/4.5.1/4.5.2 #
# Windows Vista SP2              #
# Windows Server 2008 SP2        #
# Windows 7 SP1                  #
# Windows Server 2008 R2 SP1     #
##################################
missing = 0;
if (dotnet_45_installed || dotnet_451_installed || dotnet_452_installed)
{
  # Windows Vista/Server 2008 SP2
  missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"system.runtime.serialization.dll", version:"4.0.30319.34234", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
  # Windows 7/Server 2008 R2 SP1
  missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.runtime.serialization.dll", version:"4.0.30319.34234", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
}

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972216");
vuln += missing;

########### KB2972215 ############
# .NET Framework 4               #
# Windows Vista SP2              #
# Windows Server 2008 SP2        #
# Windows 7 SP1                  #
# Windows Server 2008 R2 SP1     #
# Windows Server 2003 SP2        #
##################################
missing = 0;

# Windows Server 2003 SP2
missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"system.runtime.serialization.dll", version:"4.0.30319.1026", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
# Windows Vista/Server 2008 SP2
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"system.runtime.serialization.dll", version:"4.0.30319.1026", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
# Windows 7/Server 2008 R2 SP1
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.runtime.serialization.dll", version:"4.0.30319.1026", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972215");
vuln += missing;

########### KB2973112 ############
# .NET Framework 3.5.1           #
# Windows 7 SP1                  #
# Windows Server 2008 R2 SP1     #
##################################
if (!isnull(assembly_dir_30))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.runtime.serialization.dll", version:"3.0.4506.5463", min_version:"3.0.4506.5000", path:assembly_dir_30);
  missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.runtime.serialization.dll", version:"3.0.4506.8635", min_version:"3.0.4506.7000", path:assembly_dir_30);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2973112");
  vuln += missing;
}

########### KB2972211 ############
# .NET Framework 3.5.1           #
# Windows 7 SP1                  #
# Windows Server 2008 R2 SP1     #
##################################
missing = 0;

missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"mscorlib.dll", version:"2.0.50727.5485", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"mscorlib.dll", version:"2.0.50727.7071", min_version:"2.0.50727.7000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972211");
vuln += missing;

########## KB2973114 ###########
# .NET Framework 3.5           #
# Windows 8.1                  #
# Windows Server 2012 R2       #
################################
if (!isnull(assembly_dir_30))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"system.identitymodel.dll", version:"3.0.4506.8002", min_version:"3.0.4506.0", path:assembly_dir_30);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2973114");
  vuln += missing;
}

########## KB2972213 ###########
# .NET Framework 3.5           #
# Windows 8.1                  #
# Windows Server 2012 R2       #
################################
missing = 0;

missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"mscorwks.dll", version:"2.0.50727.8009", min_version:"2.0.50727.7000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972213");
vuln += missing;

########## KB2973113 ###########
# .NET Framework 3.5           #
# Windows 8                    #
# Windows Server 2012          #
################################
if (!isnull(assembly_dir_30))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.identitymodel.dll", version:"3.0.4506.6415", min_version:"3.0.4506.6000", path:assembly_dir_30);
  missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.identitymodel.dll", version:"3.0.4506.8635", min_version:"3.0.4506.7000", path:assembly_dir_30);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2973113");
  vuln += missing;
}
########## KB2972212 ###########
# .NET Framework 3.5           #
# Windows 8                    #
# Windows Server 2012          #
################################
missing = 0;
missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"mscorlib.dll", version:"2.0.50727.6421", min_version:"2.0.50727.6000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"mscorlib.dll", version:"2.0.50727.7071", min_version:"2.0.50727.7000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972212");
vuln += missing;

########### KB2974269 ############
# .NET Framework 3.0 SP2         #
# Windows Vista SP2              #
# Windows Server 2008 SP2        #
##################################
if (!isnull(assembly_dir_30))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"system.runtime.serialization.dll", version:"3.0.4506.4222", min_version:"3.0.4506.4000", path:assembly_dir_30);
  missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"system.runtime.serialization.dll", version:"3.0.4506.8635", min_version:"3.0.4506.5000", path:assembly_dir_30);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2974269");
  vuln += missing;
}
########### KB2973115 ############
# .NET Framework 3.0 SP2         #
# Windows Server 2003 SP2        #
##################################
if (!isnull(assembly_dir_30))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"system.runtime.serialization.dll", version:"3.0.4506.4068", min_version:"3.0.4506.4000", path:assembly_dir_30);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2973115");
  vuln += missing;
}

########### KB2974268 ############
# .NET Framework 2.0 SP2         #
# Windows Vista SP2              #
# Windows Server 2008 SP2        #
##################################
missing = 0;
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"mscorlib.dll", version:"2.0.50727.7071", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"mscorlib.dll", version:"2.0.50727.4253", min_version:"2.0.50727.4000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2974268");
vuln += missing;

########### KB2972214 ############
# .NET Framework 2.0 SP2         #
# Windows Server 2003 SP2        #
##################################
missing = 0;
missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"mscorlib.dll", version:"2.0.50727.3662", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972214");
vuln += missing;

########### KB2972207 ############
# .NET Framework 1.1 SP1         #
# Windows Server 2003 SP2        #
##################################
missing = 0;
missing += hotfix_is_vulnerable(os:"5.2", arch:"x86", sp:2, file:"mscorlib.dll", version:"1.1.4322.2510", min_version:"1.1.4322.2000", dir:"\Microsoft.NET\Framework\v1.1.4322");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972207");
vuln += missing;

if(vuln > 0)
{
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, "affected");
}
VendorProductVersionCPE
microsoft.net_frameworkcpe:/a:microsoft:.net_framework

Related

cve 1
symantec 1
mskb 1
openvas 1
prion 1
cvelist 1
nvd 1
kaspersky 1
securityvulns 1
cve
cve
CVE-2014-4072
2014-09-10 01:55:09
symantec
symantec
Microsoft .NET Framework CVE-2014-4072 Remote Denial of Service Vulnerability
2014-09-09 00:00:00
mskb
mskb
MS14-053: Vulnerability in the .NET Framework could allow denial of service: September 9, 2014
2014-09-09 00:00:00
openvas
openvas
Microsoft .NET Framework Denial of Service Vulnerability (2990931)
2014-09-10 00:00:00
prion
prion
Denial of service
2014-09-10 01:55:00
cvelist
cvelist
CVE-2014-4072
2014-09-10 01:00:00
nvd
nvd
CVE-2014-4072
2014-09-10 01:55:09
kaspersky
kaspersky
KLA10603 Multiple vulnerabilities in Microsoft .NET Framework
2014-11-11 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2014-09-15 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.096 Low

EPSS

Percentile

94.8%

JSON
Related for SMB_NT_MS14-053.NASL
cve1symantec1mskb1openvas1prion1cvelist1nvd1kaspersky1securityvulns1