Script `smb-vuln-ms10-054`

Script types: hostrule
Categories: vuln, intrusive, dos
Download: https://svn.nmap.org/nmap/scripts/smb-vuln-ms10-054.nse

Script Summary

Tests whether target machines are vulnerable to the ms10-054 SMB remote memory corruption vulnerability.

The vulnerable machine will crash with BSOD.

The script requires at least READ access right to a share on a remote machine. Either with guest credentials or with specified username/password.

Script Arguments

smb-vuln-ms10-054.share: Share to connect to (defaults to SharedDocs)
unsafe: Required to run the script, "safety swich" to prevent running it by accident
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername: See the documentation for the smbauth library.
randomseed, smbbasic, smbport, smbsign: See the documentation for the smb library.
vulns.short, vulns.showall: See the documentation for the vulns library.

Example Usage

nmap  -p 445 <target> --script=smb-vuln-ms10-054 --script-args unsafe

Script Output

Host script results:
| smb-vuln-ms10-054:
|   VULNERABLE:
|   SMB remote memory corruption vulnerability
|     State: VULNERABLE
|     IDs:  CVE:CVE-2010-2550
|     Risk factor: HIGH  CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
|     Description:
|       The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,
|       Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
|       does not properly validate fields in an SMB request, which allows remote attackers
|       to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
|
|     Disclosure date: 2010-08-11
|     References:
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2550
|_      http://seclists.org/fulldisclosure/2010/Aug/122

Requires

Author:

Aleksandar Nikolic