Script smb-vuln-regsvc-dos

Script types: hostrule
Categories: intrusive, exploit, dos, vuln
Download: https://svn.nmap.org/nmap/scripts/smb-vuln-regsvc-dos.nse

Script Summary

Checks if a Microsoft Windows 2000 system is vulnerable to a crash in regsvc caused by a null pointer dereference. The check crashes the service on a vulnerable system, and it requires a guest account or higher to work.

The vulnerability was discovered by Ron Bowes while working on smb-enum-sessions and was reported to Microsoft (Case #MSRC8742).

This check was previously part of smb-check-vulns.

Script Arguments

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

vulns.short, vulns.showall

See the documentation for the vulns library.

Example Usage

nmap --script smb-vuln-regsvc-dos.nse -p445 <host>
nmap -sU -sS --script smb-vuln-regsvc-dos.nse -p U:137,T:139 <host>

Script Output

| smb-vuln-regsvc-dos:
|   VULNERABLE:
|   Service regsvc in Microsoft Windows systems vulnerable to denial of service
|     State: VULNERABLE
|       The service regsvc in Microsoft Windows 2000 systems is vulnerable to denial of service caused by a null deference
|       pointer. This script will crash the service if it is vulnerable. This vulnerability was discovered by Ron Bowes
|       while working on smb-enum-sessions.
|_
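
When the check is run across many hosts, the report block shown above can be extracted per host from Nmap's normal output. The following is an added example, not part of the Nmap documentation or the script itself; the sample output, the addresses and the `triage` function name are constructed for illustration.

```python
import re

# Constructed sample of Nmap normal output; addresses are documentation-range placeholders.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host script results:
| smb-vuln-regsvc-dos:
|   VULNERABLE:
|   Service regsvc in Microsoft Windows systems vulnerable to denial of service
|     State: VULNERABLE
|       The service regsvc in Microsoft Windows 2000 systems is vulnerable to denial of service
|_

Nmap scan report for 192.0.2.11
Host script results:
| smb-enum-shares:
|_  note: ERROR: access denied

Nmap scan report for 192.0.2.12
Host script results:
|_smb-vuln-regsvc-dos: ERROR: Script execution failed (use -d to debug)
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
# A script header is "| name:" or "|_name: text"; nested report lines are indented further.
SCRIPT_RE = re.compile(r"^\|_?\s?([A-Za-z0-9_.-]+):\s*(.*)$")
STATE_RE = re.compile(r"^\|_?\s+State:\s*(.+?)\s*$")

def triage(text, script="smb-vuln-regsvc-dos"):
    """Map each host to the state the script reported, 'ERROR', or 'NOT REPORTED'."""
    results, host, in_script = {}, None, False
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host, in_script = m.group(1), False
            # No block for this script is not proof of safety: the script may not
            # have run, or may have lacked the guest-or-higher account it needs.
            results[host] = "NOT REPORTED"
            continue
        m = SCRIPT_RE.match(line)
        if m and host is not None:
            in_script = m.group(1) == script
            if in_script and m.group(2).startswith("ERROR"):
                results[host] = "ERROR"
            continue
        m = STATE_RE.match(line)
        if m and in_script:
            results[host] = m.group(1)
    return results

if __name__ == "__main__":
    for h, state in triage(SAMPLE).items():
        print(f"{h}\t{state}")
```

Hosts that come back as `NOT REPORTED` or `ERROR` need a follow-up check rather than being counted as not vulnerable.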

Authors:

  • Ron Bowes
  • Jiayi Ye
  • Paulino Calderon <calderon()websec.mx>

License: Same as Nmap--See https://nmap.org/book/man-legal.html