Script smb-vuln-ms10-054

Script types: hostrule
Categories: vuln, intrusive, dos
Download: https://svn.nmap.org/nmap/scripts/smb-vuln-ms10-054.nse

Script Summary

Tests whether target machines are vulnerable to the MS10-054 SMB remote memory corruption vulnerability.

A vulnerable machine will crash with a BSOD.

The script requires at least READ access to a share on the remote machine, either with guest credentials or with a specified username/password.

Script Arguments

smb-vuln-ms10-054.share

Share to connect to (defaults to SharedDocs)

unsafe

Required to run the script; a "safety switch" to prevent running it by accident

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

vulns.short, vulns.showall

See the documentation for the vulns library.

Example Usage

nmap -p 445 <target> --script=smb-vuln-ms10-054 --script-args unsafe

Script Output

Host script results:
| smb-vuln-ms10-054:
|   VULNERABLE:
|   SMB remote memory corruption vulnerability
|     State: VULNERABLE
|     IDs:  CVE:CVE-2010-2550
|     Risk factor: HIGH  CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
|     Description:
|       The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
|       Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
|       does not properly validate fields in an SMB request, which allows remote attackers
|       to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
|
|     Disclosure date: 2010-08-11
|     References:
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2550
|_      http://seclists.org/fulldisclosure/2010/Aug/122
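
When results from many hosts have to be triaged, the report block above can be parsed rather than read by eye. The Python below is an added example, not part of the Nmap documentation or of the script itself; the function names parse_vuln_report and is_vulnerable are hypothetical, and the sample input is constructed (abridged) from the output shown above.

```python
import re
# Constructed sample, abridged from the report shown on this page.
SAMPLE = """\
Host script results:
| smb-vuln-ms10-054:
|   VULNERABLE:
|   SMB remote memory corruption vulnerability
|     State: VULNERABLE
|     IDs:  CVE:CVE-2010-2550
|     Risk factor: HIGH  CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
|     Disclosure date: 2010-08-11
|     References:
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2550
|_      http://seclists.org/fulldisclosure/2010/Aug/122
"""

def parse_vuln_report(text, script="smb-vuln-ms10-054"):
    """Parse one host's script results; return a dict, or None if the script is absent."""
    report, active, in_refs = None, False, False
    for raw in text.splitlines():
        # A script block opens with "| name:" or "|_name:"; a line without "|" ends the results.
        head = re.match(r"\|[_ ]([a-z0-9-]+):", raw)
        if head or not raw.startswith("|"):
            active, in_refs = bool(head) and head.group(1) == script, False
            if active:
                report = {"state": None, "ids": [], "cvss": None,
                          "disclosed": None, "references": []}
            continue
        if not active:
            continue
        line = raw[2:].strip()          # drop the "| " / "|_" gutter and the indentation
        if in_refs and line.startswith("http"):
            report["references"].append(line)
            continue
        key, _, value = line.partition(":")
        in_refs = key == "References"
        if key == "State":
            report["state"] = value.strip()
        elif key == "IDs":
            report["ids"] = value.split()
        elif key == "Disclosure date":
            report["disclosed"] = value.strip()
        elif key == "Risk factor":
            m = re.search(r"CVSSv2:\s*([\d.]+)", value)
            report["cvss"] = float(m.group(1)) if m else None
    return report

def is_vulnerable(report):
    # Prefix match, not substring: a "NOT VULNERABLE" state also contains the word.
    return bool(report) and (report["state"] or "").startswith("VULNERABLE")
```

Because the script is gated behind the unsafe argument and crashes vulnerable hosts, a missing block (None) means the check did not report, not that the host is patched.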

Requires


Author:

  • Aleksandar Nikolic

License: Same as Nmap--See https://nmap.org/book/man-legal.html