Vulnerabilities > CVE-2014-4072 - Resource Management Errors vulnerability in Microsoft .Net Framework

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
microsoft
CWE-399
nessus

Summary

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted requests, aka ".NET Framework Denial of Service Vulnerability."

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_idMS14-053
bulletin_url
date2014-09-09T00:00:00
impactDenial of Service
knowledgebase_id2990931
knowledgebase_url
severityImportant
titleVulnerability in .NET Framework Could Allow Denial of Service

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS14-053.NASL
descriptionThe remote Windows host has a version of the Microsoft .NET Framework that is affected by a vulnerability that allows a remote attacker to cause a denial of service by sending specially crafted requests to an ASP.NET web application running on the affected system. Note that ASP.NET is not installed by default and ASP.NET must be registered and enabled for the host to be affected.
last seen2020-06-01
modified2020-06-02
plugin id77573
published2014-09-10
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/77573
titleMS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(77573);
  script_version("1.13");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2014-4072");
  script_bugtraq_id(69603);
  script_xref(name:"MSFT", value:"MS14-053");
  script_xref(name:"MSKB", value:"2972207");
  script_xref(name:"MSKB", value:"2972211");
  script_xref(name:"MSKB", value:"2972212");
  script_xref(name:"MSKB", value:"2972213");
  script_xref(name:"MSKB", value:"2972214");
  script_xref(name:"MSKB", value:"2972215");
  script_xref(name:"MSKB", value:"2972216");
  script_xref(name:"MSKB", value:"2973112");
  script_xref(name:"MSKB", value:"2973113");
  script_xref(name:"MSKB", value:"2973114");
  script_xref(name:"MSKB", value:"2973115");
  script_xref(name:"MSKB", value:"2974268");
  script_xref(name:"MSKB", value:"2974269");
  script_xref(name:"MSKB", value:"2977765");
  script_xref(name:"MSKB", value:"2977766");

  script_name(english:"MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931)");
  script_summary(english:"Checks the version of the .NET files.");

  script_set_attribute(attribute:"synopsis", value:
"The version of the .NET Framework installed on the remote host is
affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host has a version of the Microsoft .NET Framework
that is affected by a vulnerability that allows a remote attacker to
cause a denial of service by sending specially crafted requests to an
ASP.NET web application running on the affected system.

Note that ASP.NET is not installed by default and ASP.NET must be
registered and enabled for the host to be affected.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-053");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for .NET Framework 1.1 SP1,
2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, and 4.5.2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_framework");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl", "microsoft_net_framework_installed.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_reg_query.inc");
include("misc_func.inc");
include("install_func.inc");

# Windows Embedded is not supported by Nessus
# There are cases where this plugin is flagging embedded
# hosts improperly since this update does not apply
# to those machines
productname = get_kb_item("SMB/ProductName");
if ("Windows Embedded" >< productname)
  exit(0, "Nessus does not support bulletin / patch checks for Windows Embedded.");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS14-053';
kbs = make_list(
  "2972207",
  "2972211",
  "2972212",
  "2972213",
  "2972214",
  "2972215",
  "2972216",
  "2973112",
  "2973113",
  "2973114",
  "2973115",
  "2974268",
  "2974269",
  "2977765",
  "2977766"
);

if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

# Windows 2008 Server Server Core is not affected.
if ('6.0' >< get_kb_item("SMB/WindowsVersion") && hotfix_check_server_core()) audit(AUDIT_WIN_SERVER_CORE);

share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

dotnet_452_installed = FALSE;
dotnet_451_installed = FALSE;
dotnet_45_installed  = FALSE;

# Determine if .NET 4.5, 4.5.1, or 4.5.2 is installed
count = get_install_count(app_name:'Microsoft .NET Framework');
if (count > 0)
{
  installs = get_installs(app_name:'Microsoft .NET Framework');
  foreach install(installs[1])
  {
    ver = install["version"];
    if (ver == "4.5") dotnet_45_installed = TRUE;
    if (ver == "4.5.1") dotnet_451_installed = TRUE;
    if (ver == "4.5.2") dotnet_452_installed = TRUE;
  }
}

registry_init();
hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
assembly_dir_30 = get_registry_value(handle:hklm, item:"SOFTWARE\Microsoft\.NETFramework\AssemblyFolders\v3.0\All Assemblies In");
RegCloseKey(handle:hklm);
close_registry(close:FALSE);

vuln = 0;

########## KB2977765 ###########
# .NET Framework 4.5.1 / 4.5.2 #
# Windows 8.1                  #
# Windows RT 8.1               #
# Windows Server 2012 R2       #
################################
missing = 0;
if (dotnet_451_installed || dotnet_452_installed)
{
  missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"system.runtime.serialization.dll", version:"4.0.30319.34209", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
  missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"system.runtime.serialization.dll", version:"4.0.30319.36213", min_version:"4.0.30319.35000", dir:"\Microsoft.NET\Framework\v4.0.30319");
}

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2977765");
vuln += missing;

########### KB2977766 ############
# .NET Framework 4.5/4.5.1/4.5.2 #
# Windows 8                      #
# Windows RT                     #
# Windows Server 2012            #
##################################
missing = 0;
if (dotnet_45_installed || dotnet_451_installed || dotnet_452_installed)
{
  missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.runtime.serialization.dll", version:"4.0.30319.34230", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
  missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.runtime.serialization.dll", version:"4.0.30319.36241", min_version:"4.0.30319.35000", dir:"\Microsoft.NET\Framework\v4.0.30319");
}

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2977766");
vuln += missing;

########### KB2972216 ############
# .NET Framework 4.5/4.5.1/4.5.2 #
# Windows Vista SP2              #
# Windows Server 2008 SP2        #
# Windows 7 SP1                  #
# Windows Server 2008 R2 SP1     #
##################################
missing = 0;
if (dotnet_45_installed || dotnet_451_installed || dotnet_452_installed)
{
  # Windows Vista/Server 2008 SP2
  missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"system.runtime.serialization.dll", version:"4.0.30319.34234", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
  # Windows 7/Server 2008 R2 SP1
  missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.runtime.serialization.dll", version:"4.0.30319.34234", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
}

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972216");
vuln += missing;

########### KB2972215 ############
# .NET Framework 4               #
# Windows Vista SP2              #
# Windows Server 2008 SP2        #
# Windows 7 SP1                  #
# Windows Server 2008 R2 SP1     #
# Windows Server 2003 SP2        #
##################################
missing = 0;

# Windows Server 2003 SP2
missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"system.runtime.serialization.dll", version:"4.0.30319.1026", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
# Windows Vista/Server 2008 SP2
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"system.runtime.serialization.dll", version:"4.0.30319.1026", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");
# Windows 7/Server 2008 R2 SP1
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.runtime.serialization.dll", version:"4.0.30319.1026", min_version:"4.0.30319.0", dir:"\Microsoft.NET\Framework\v4.0.30319");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972215");
vuln += missing;

########### KB2973112 ############
# .NET Framework 3.5.1           #
# Windows 7 SP1                  #
# Windows Server 2008 R2 SP1     #
##################################
if (!isnull(assembly_dir_30))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.runtime.serialization.dll", version:"3.0.4506.5463", min_version:"3.0.4506.5000", path:assembly_dir_30);
  missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"system.runtime.serialization.dll", version:"3.0.4506.8635", min_version:"3.0.4506.7000", path:assembly_dir_30);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2973112");
  vuln += missing;
}

########### KB2972211 ############
# .NET Framework 3.5.1           #
# Windows 7 SP1                  #
# Windows Server 2008 R2 SP1     #
##################################
missing = 0;

missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"mscorlib.dll", version:"2.0.50727.5485", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.1", sp:1, file:"mscorlib.dll", version:"2.0.50727.7071", min_version:"2.0.50727.7000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972211");
vuln += missing;

########## KB2973114 ###########
# .NET Framework 3.5           #
# Windows 8.1                  #
# Windows Server 2012 R2       #
################################
if (!isnull(assembly_dir_30))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"system.identitymodel.dll", version:"3.0.4506.8002", min_version:"3.0.4506.0", path:assembly_dir_30);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2973114");
  vuln += missing;
}

########## KB2972213 ###########
# .NET Framework 3.5           #
# Windows 8.1                  #
# Windows Server 2012 R2       #
################################
missing = 0;

missing += hotfix_is_vulnerable(os:"6.3", sp:0, file:"mscorwks.dll", version:"2.0.50727.8009", min_version:"2.0.50727.7000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972213");
vuln += missing;

########## KB2973113 ###########
# .NET Framework 3.5           #
# Windows 8                    #
# Windows Server 2012          #
################################
if (!isnull(assembly_dir_30))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.identitymodel.dll", version:"3.0.4506.6415", min_version:"3.0.4506.6000", path:assembly_dir_30);
  missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"system.identitymodel.dll", version:"3.0.4506.8635", min_version:"3.0.4506.7000", path:assembly_dir_30);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2973113");
  vuln += missing;
}
########## KB2972212 ###########
# .NET Framework 3.5           #
# Windows 8                    #
# Windows Server 2012          #
################################
missing = 0;
missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"mscorlib.dll", version:"2.0.50727.6421", min_version:"2.0.50727.6000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.2", sp:0, file:"mscorlib.dll", version:"2.0.50727.7071", min_version:"2.0.50727.7000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972212");
vuln += missing;

########### KB2974269 ############
# .NET Framework 3.0 SP2         #
# Windows Vista SP2              #
# Windows Server 2008 SP2        #
##################################
if (!isnull(assembly_dir_30))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"system.runtime.serialization.dll", version:"3.0.4506.4222", min_version:"3.0.4506.4000", path:assembly_dir_30);
  missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"system.runtime.serialization.dll", version:"3.0.4506.8635", min_version:"3.0.4506.5000", path:assembly_dir_30);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2974269");
  vuln += missing;
}
########### KB2973115 ############
# .NET Framework 3.0 SP2         #
# Windows Server 2003 SP2        #
##################################
if (!isnull(assembly_dir_30))
{
  missing = 0;
  missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"system.runtime.serialization.dll", version:"3.0.4506.4068", min_version:"3.0.4506.4000", path:assembly_dir_30);

  if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2973115");
  vuln += missing;
}

########### KB2974268 ############
# .NET Framework 2.0 SP2         #
# Windows Vista SP2              #
# Windows Server 2008 SP2        #
##################################
missing = 0;
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"mscorlib.dll", version:"2.0.50727.7071", min_version:"2.0.50727.5000", dir:"\Microsoft.NET\Framework\v2.0.50727");
missing += hotfix_is_vulnerable(os:"6.0", sp:2, file:"mscorlib.dll", version:"2.0.50727.4253", min_version:"2.0.50727.4000", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2974268");
vuln += missing;

########### KB2972214 ############
# .NET Framework 2.0 SP2         #
# Windows Server 2003 SP2        #
##################################
missing = 0;
missing += hotfix_is_vulnerable(os:"5.2", sp:2, file:"mscorlib.dll", version:"2.0.50727.3662", dir:"\Microsoft.NET\Framework\v2.0.50727");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972214");
vuln += missing;

########### KB2972207 ############
# .NET Framework 1.1 SP1         #
# Windows Server 2003 SP2        #
##################################
missing = 0;
missing += hotfix_is_vulnerable(os:"5.2", arch:"x86", sp:2, file:"mscorlib.dll", version:"1.1.4322.2510", min_version:"1.1.4322.2000", dir:"\Microsoft.NET\Framework\v1.1.4322");

if (missing > 0) hotfix_add_report(bulletin:bulletin, kb:"2972207");
vuln += missing;

if(vuln > 0)
{
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_warning();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, "affected");
}