File smb-vuln-ms10-054
Script types: hostrule
Categories: vuln, intrusive, dos
Download: http://nmap.org/svn/scripts/smb-vuln-ms10-054.nse
User Summary
Tests whether target machines are vulnerable to the MS10-054 SMB remote memory corruption vulnerability.
A vulnerable machine will crash with a BSOD.
The script requires at least READ access to a share on the remote machine, either with guest credentials or with a specified username/password.
Script Arguments
smb-vuln-ms10-054.share
Share to connect to (defaults to SharedDocs)
unsafe
Required to run the script; a "safety switch" to prevent running it by accident
vulns.showall
See the documentation for the vulns library.
randomseed, smbbasic, smbport, smbsign
See the documentation for the smb library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
Example Usage
nmap -p 445 <target> --script=smb-vuln-ms10-054 --script-args unsafe
Script Output
Host script results:
| smb-vuln-ms10-054:
|   VULNERABLE:
|   SMB remote memory corruption vulnerability
|     State: VULNERABLE
|     IDs:  CVE:CVE-2010-2550
|     Risk factor: HIGH  CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
|     Description:
|       The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
|       Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
|       does not properly validate fields in an SMB request, which allows remote attackers
|       to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
|
|     Disclosure date: 2010-08-11
|     References:
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2550
|_      http://seclists.org/fulldisclosure/2010/Aug/122
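Added example, not part of this documentation page or of the Nmap project: a Python parser for the report block shown under Script Output, for triaging saved normal-format scan output. The SAMPLE text, the host address and the function names are constructed for illustration.

```python
import re
SCRIPT = "smb-vuln-ms10-054"
# Constructed sample: the report block from this page (description omitted) as
# it appears in normal Nmap output; 192.0.2.10 is a documentation address.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host script results:
| smb-vuln-ms10-054:
|   VULNERABLE:
|   SMB remote memory corruption vulnerability
|     State: VULNERABLE
|     IDs:  CVE:CVE-2010-2550
|     Risk factor: HIGH  CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
|     Disclosure date: 2010-08-11
|     References:
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2550
|_      http://seclists.org/fulldisclosure/2010/Aug/122
"""

def parse_findings(text):
    """Map each host to the fields of its SCRIPT report block, if it has one."""
    findings, host, cur, in_refs = {}, None, None, False
    for raw in text.splitlines():
        if raw.startswith("Nmap scan report for "):
            host, cur = raw[len("Nmap scan report for "):].strip(), None
            continue
        header = re.match(r"\|[ _]([\w-]+):", raw)
        if header:  # first line of a script's block; track only SCRIPT
            cur, in_refs = None, False
            if header.group(1) == SCRIPT:
                cur = findings[host] = {"references": []}
            continue
        if cur is None or not raw.startswith("|"):
            cur = None  # outside our block
            continue
        body = raw[2:].strip()
        field = re.match(r"(State|IDs|Disclosure date):\s*(.*)", body)
        if field:
            cur[field.group(1)] = field.group(2)
        elif (cvss := re.search(r"CVSSv2: ([\d.]+)", body)):
            cur["CVSSv2"] = float(cvss.group(1))
        elif body == "References:":
            in_refs = True
        elif in_refs and body.startswith("http"):
            cur["references"].append(body)
    return findings

def vulnerable_hosts(text):
    return sorted(h for h, f in parse_findings(text).items() if f.get("State") == "VULNERABLE")
```

A host with no smb-vuln-ms10-054 block in the output is simply absent from the result.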
Requires
Author: Aleksandar Nikolic
License: Same as Nmap--See http://nmap.org/book/man-legal.html


