Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS16-108.NASL
HistorySep 13, 2016 - 12:00 a.m.

MS16-108: Security Update for Microsoft Exchange Server (3185883)

2016-09-1300:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
223

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

EPSS

0.024

Percentile

90.2%

JSON

The remote Microsoft Exchange Server is missing a security update. It is, therefore, affected by multiple vulnerabilities :

  • Multiple remote code execution vulnerabilities exist in the Oracle Outside In libraries. An unauthenticated, remote attacker can exploit these, via a specially crafted email, to execute arbitrary code.
    (CVE-2015-6014, CVE-2016-3575, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, CVE-2016-3596)

  • An unspecified information disclosure vulnerability exists in the Oracle Outside In libraries that allows an attacker to disclose sensitive information.
    (CVE-2016-3574)

  • Multiple denial of service vulnerabilities exists in the Oracle Outside In libraries. (CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3590)

  • An information disclosure vulnerability exists due to improper parsing of certain unstructured file formats.
    An unauthenticated, remote attacker can exploit this, via a crafted email using ‘send as’ rights, to disclose confidential user information. (CVE-2016-0138)

  • An open redirect vulnerability exists due to improper handling of open redirect requests. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to redirect the user to a malicious website that spoofs a legitimate one.
    (CVE-2016-3378)

  • An elevation of privilege vulnerability exists due to improper handling of meeting invitation requests. An unauthenticated, remote attacker can exploit this, via a specially crafted Outlook meeting invitation request, to gain elevated privileges. (CVE-2016-3379)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(93467);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/20");

  script_cve_id(
    "CVE-2015-6014",
    "CVE-2016-0138",
    "CVE-2016-3378",
    "CVE-2016-3379",
    "CVE-2016-3574",
    "CVE-2016-3575",
    "CVE-2016-3576",
    "CVE-2016-3577",
    "CVE-2016-3578",
    "CVE-2016-3579",
    "CVE-2016-3580",
    "CVE-2016-3581",
    "CVE-2016-3582",
    "CVE-2016-3583",
    "CVE-2016-3590",
    "CVE-2016-3591",
    "CVE-2016-3592",
    "CVE-2016-3593",
    "CVE-2016-3594",
    "CVE-2016-3595",
    "CVE-2016-3596"
  );
  script_bugtraq_id(
    81233,
    91908,
    91914,
    91921,
    91923,
    91924,
    91925,
    91927,
    91929,
    91931,
    91933,
    91934,
    91935,
    91936,
    91937,
    91939,
    91940,
    91942,
    92806,
    92833,
    92836
  );
  script_xref(name:"MSFT", value:"MS16-108");
  script_xref(name:"MSKB", value:"3184711");
  script_xref(name:"MSKB", value:"3184728");
  script_xref(name:"MSKB", value:"3184736");

  script_name(english:"MS16-108: Security Update for Microsoft Exchange Server (3185883)");
  script_summary(english:"Checks the version of ExSetup.exe.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Microsoft Exchange Server is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Microsoft Exchange Server is missing a security update. It
is, therefore, affected by multiple vulnerabilities :

  - Multiple remote code execution vulnerabilities exist in
    the Oracle Outside In libraries. An unauthenticated,
    remote attacker can exploit these, via a specially
    crafted email, to execute arbitrary code.
    (CVE-2015-6014, CVE-2016-3575, CVE-2016-3581,
    CVE-2016-3582, CVE-2016-3583, CVE-2016-3591,
    CVE-2016-3592, CVE-2016-3593, CVE-2016-3594,
    CVE-2016-3595, CVE-2016-3596)

  - An unspecified information disclosure vulnerability
    exists in the Oracle Outside In libraries that allows an
    attacker to disclose sensitive information.
    (CVE-2016-3574)

  - Multiple denial of service vulnerabilities exists in the
    Oracle Outside In libraries. (CVE-2016-3576,
    CVE-2016-3577, CVE-2016-3578, CVE-2016-3579,
    CVE-2016-3580, CVE-2016-3590)

  - An information disclosure vulnerability exists due to
    improper parsing of certain unstructured file formats.
    An unauthenticated, remote attacker can exploit this,
    via a crafted email using 'send as' rights, to disclose
    confidential user information. (CVE-2016-0138)

  - An open redirect vulnerability exists due to improper
    handling of open redirect requests. An unauthenticated,
    remote attacker can exploit this, by convincing a user
    to click a specially crafted URL, to redirect the user
    to a malicious website that spoofs a legitimate one.
    (CVE-2016-3378)

  - An elevation of privilege vulnerability exists due to
    improper handling of meeting invitation requests. An
    unauthenticated, remote attacker can exploit this, via a
    specially crafted Outlook meeting invitation request,
    to gain elevated privileges. (CVE-2016-3379)");
  # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-108
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9e520324");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Exchange Server 2007,
2010, 2013, and 2016.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-6014");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:exchange_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ms_bulletin_checks_possible.nasl", "microsoft_exchange_installed.nbin");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
include("install_func.inc");

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

exit_if_productname_not_server();

bulletin = 'MS16-108';
kbs = make_list("3184711", "3184728", "3184736");

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

install = get_single_install(app_name:"Microsoft Exchange");

path = install["path"];
version = install["version"];
release = install["RELEASE"];
if (release != 80 && release != 140 && release != 150 && release != 151)
  audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', version);

if (!empty_or_null(install["SP"]))
  sp = install["SP"];
if (!empty_or_null(install["CU"]))
  cu = install["CU"];

if (((release == 150 || release == 151) && isnull(cu)) ||
   (release == 150 && cu != 4 && cu != 12 && cu != 13) ||
   (release == 151 && cu != 1 && cu != 2))
  audit(AUDIT_INST_VER_NOT_VULN, 'Exchange', version);

if (release == 80)
{
  kb = "3184711";
  if (!empty_or_null(sp) && sp == 3)
    fixedver = "8.3.485.1";
}
else if (release == 140)
{
  kb = "3184728";
  if (!empty_or_null(sp) && sp == 3)
    fixedver = "14.3.319.2";
}
else if (release == 150) # 2013 SP1 AKA CU4
{
  kb = "3184736";
  if (cu == 4)
    fixedver = "15.0.847.50";
  else if (cu == 12)
    fixedver = "15.0.1178.9";
  else if (cu == 13)
    fixedver = "15.0.1210.6";
}
else if (release == 151) # Exchange Server 2016
{
  kb = "3184736";
  if (cu == 1)
    fixedver = "15.1.396.37";
  else if (cu == 2)
    fixedver = "15.1.466.37";
}

if (fixedver && hotfix_is_vulnerable(path:hotfix_append_path(path:path, value:"Bin"), file:"ExSetup.exe", version:fixedver, bulletin:bulletin, kb:kb))
{
  set_kb_item(name:'SMB/Missing/' + bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

References

Related

prion 25
ibm 6
cvelist 25
nvd 25
cve 25
mscve 5
openvas 3
mskb 5
kaspersky 1
talos 17
symantec 3
seebug 17
packetstorm 1
checkpoint_advisories 1
cert 1
nessus 1
oracle 2
prion
prion
Design/Logic Flaw
2016-07-21 10:14:00
Design/Logic Flaw
2016-07-21 10:14:00
Design/Logic Flaw
2016-07-21 10:14:00
ibm
ibm
Security Bulletin: Multiple Oracle Outside In Technology (OIT) July 2016 CPU in IBM Content Collector for Email
2018-06-17 12:17:03
Security Bulletin: Vulnerabilies (17 total) in Oracle Outside In Technology (OIT) affect FileNet Content Manager and IBM Content Foundation
2018-06-17 12:16:38
Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2016-3574, CVE-2016-3575, etc)
2018-06-17 05:15:44
cvelist
cvelist
CVE-2016-3574
2016-07-21 10:00:00
CVE-2016-3590
2016-07-21 10:00:00
CVE-2016-3576
2016-07-21 10:00:00
nvd
nvd
CVE-2016-3583
2016-07-21 10:14:22
CVE-2016-3592
2016-07-21 10:14:31
CVE-2016-3576
2016-07-21 10:14:14
cve
cve
CVE-2016-3590
2016-07-21 10:14:29
CVE-2016-3579
2016-07-21 10:14:17
CVE-2016-3575
2016-07-21 10:14:13
mscve
mscve
Oracle Outside In Vulnerabilities
2016-09-13 07:00:00
Microsoft Exchange Elevation of Privilege Vulnerability
2016-09-13 07:00:00
Microsoft Exchange Open Redirect Vulnerability
2016-09-13 07:00:00
openvas
openvas
Microsoft Exchange Server Multiple Vulnerabilities (3185883)
2016-09-14 00:00:00
Microsoft Exchange Server Information Disclosure Vulnerabilities (3185883)
2016-09-14 00:00:00
Microsoft Exchange Server Multiple Vulnerabilities (3160339)
2016-06-15 00:00:00
mskb
mskb
MS16-108: Security update for Exchange Server: September 13, 2016
2016-09-13 00:00:00
MS16-108: Description of the security update for Exchange Server 2016 and 2013: September 13, 2016
2016-09-13 07:00:00
MS16-108: Update Rollup 21 for Exchange Server 2007 Service Pack 3: September 13, 2016
2016-09-13 07:00:00
kaspersky
kaspersky
KLA10873 Multiple vulnerabilities in Microsoft Exchange Server
2016-09-13 00:00:00
talos
talos
Oracle OIT IX SDK libvs_pdf arbitrary pointer access
2016-07-19 00:00:00
Oracle OIT IX SDK TIFF file parsing heap buffer overflow
2016-07-19 00:00:00
Oracle OIT IX SDK libvs_pdf FlateDecode Colors Denial of Service Vulnerabiity
2016-07-19 00:00:00
symantec
symantec
Microsoft Exchange Server CVE-2016-3379 Cross Site Scripting Vulnerability
2016-09-13 00:00:00
Microsoft Exchange Server CVE-2016-3378 Open Redirection Vulnerability
2016-09-13 00:00:00
Microsoft Exchange Server CVE-2016-0138 Information Disclosure Vulnerability
2016-09-13 00:00:00
seebug
seebug
Oracle OIT IX SDK libvs_pdf FlateDecode Colors Denial of Service Vulnerabiity(CVE-2016-3578)
2017-10-16 00:00:00
Oracle OIT IX SDK TIFF file parsing heap buffer overflow(CVE-2016-3582)
2017-10-16 00:00:00
Oracle OIT IX SDK libvs_pdf arbitrary pointer access(CVE-2016-3579)
2017-10-16 00:00:00
packetstorm
packetstorm
Microsoft Exchange Open Redirect
2018-03-28 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Fusion Middleware OiT Component Multiple Vulnerabilities (CVE-2016-3593)
2020-12-20 00:00:00
cert
cert
Oracle Outside In 8.5.2 contains multiple stack buffer overflows
2016-01-20 00:00:00
nessus
nessus
MS16-079: Security Update for Microsoft Exchange Server (3160339)
2016-06-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update - January 2016
2016-01-19 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

EPSS

0.024

Percentile

90.2%

JSON
Related for SMB_NT_MS16-108.NASL
prion25ibm6cvelist25nvd25cve25mscve5openvas3mskb5kaspersky1talos17symantec3seebug17packetstorm1checkpoint_advisories1cert1nessus1oracle2