Vulnerabilities > CVE-2001-0016 - Unspecified vulnerability in Microsoft Windows NT

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microsoft
nessus

Summary

NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS01-008.NASL
descriptionThe hotfix for the
last seen2020-06-01
modified2020-06-02
plugin id10693
published2001-06-15
reporterThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10693
titleMS01-008: NTLMSSP Local Privilege Escalation (280119)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(10693);
 script_version("1.46");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 script_cve_id("CVE-2001-0016");
 script_bugtraq_id(2348);
 script_xref(name:"MSFT", value:"MS01-008");
 script_xref(name:"MSKB", value:"280119");

 script_name(english:"MS01-008: NTLMSSP Local Privilege Escalation (280119)");
 script_summary(english:"Determines whether the hotfix Q280119 is installed");

 script_set_attribute(attribute:"synopsis", value:
"A bug in the remote operating system allows a local user to elevate
privileges.");
 script_set_attribute(attribute:"description", value:
"The hotfix for the 'NTLMSSP Privilege Escalation' problem has not
been applied.  This hotfix corrects a problem in Windows NT that could
allow a local process to execute code with the privileges of the
NTLMSSP service provider.

This vulnerability allows a malicious user, who has the right to log
on this host locally, to gain additional privileges.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-008");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for NT 4.0.");
 script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
 script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2001/02/07");
 script_set_attribute(attribute:"patch_publication_date", value:"2001/02/07");
 script_set_attribute(attribute:"plugin_publication_date", value:"2001/06/15");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, "Host/patch_management_checks");

 exit(0);
}

include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS01-008';
kb = "280119";

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);


get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp(nt:7) <= 0) exit(0, "The host is not affected based on its version / service pack.");


if (
  hotfix_missing(name:"Q299444") > 0 &&
  hotfix_missing(name:"Q280119") > 0
)
{
  if (
    defined_func("report_xml_tag") &&
    !isnull(bulletin) &&
    !isnull(kb)
  ) report_xml_tag(tag:bulletin, value:kb);

  hotfix_security_hole();
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  exit(0);
}
else exit(0, "The host is not affected.");