Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Tenable Discovers and Responds to CVE 2015-2474 (Updated)

August 11, 2015 • 2 Min Read
by Cris Thomas 
Blog Home / Products

At Tenable, we love bug reports; they give us opportunities to make our software even better. Recently, a customer was having some issues with a credentialed patch audit of his network (https://discussions.tenable.com/message/31190). In the process of solving this issue, our engineers discovered a problem with how SMB v1 server logs error messages. Of course, we dutifully reported the issue to Microsoft, and today they issued Security Bulletin MS15-083 for CVE-2015-2474.

The issue in question impacts Windows Vista SP2 and Windows Server 2008 SP2 on both 32-bit and x64 based systems as well as the Server Core installations of Server 2008. In all cases, the severity of the vulnerability is listed as Important, meaning you should patch as soon as you can. If for some reason you can’t install the supplied Microsoft patch right away, you could disable SMBv1 or the Extended Protection for Authentication in SMB; but it’s much easier to just install the patch.

An SPN or Service Principal Name is the name by which a client uniquely identifies an instance of a service. When authenticating to the SMB server, the client can provide the SPN of the server. The SMB server can validate the client-provided SPN depending on the server configuration. To exploit this issue, an attacker must first supply a valid credential as part of the SMB v1 authentication and create a specially crafted extra long SPN in an SMB v1 authentication packet. When the system attempts to use this extra long SPN, it will fail and attempt to write the SPN to a log. The amount of memory reserved for SPNs isn’t big enough, which can allow an attacker to overwrite portions of memory and execute code.

Install the supplied Microsoft patch right away

As far as we know right now, this vulnerability is not being exploited in the wild. Bad guys act quickly these days, so install that patch as soon as you can.

Tenable engineers have released plugin 85321 to detect this vulnerability and it is now available via the feed.

We will update this blog as events warrant.

Related Articles

Foreshadow: Speculative Execution Attack Targets Intel SGX

August 14, 2018

A flaw in Intel’s Software Guard Extensions implementation allows an attacker to access data stored in memory of other applications running on the same host, without the need for privilege escalation....

Ryan Seguin

Ryan Seguin

Advisory: Red Hat DHCP Client Command Injection Trouble

May 17, 2018

On May 15, Red Hat disclosed a critical vulnerability in a script included in NetworkManager for the Dynamic Host Configuration Protocol (DHCP) client on Red Hat Enterprise Linux (RHEL). The vulnerabi...

Steve Tilson

Steve Tilson

Advisory: Intel...Simply Misunderstood?

May 11, 2018

To close numerous security gaps, Microsoft, Adobe, Apple, Red Hat, Xen, VMware and other vendors have released a number of patches in the first 10 days of May. We discussed some of these in our recent...

Steve Tilson

Steve Tilson

Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security

April 19, 2024

Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!

Juan Perez

Juan Perez

Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments

April 18, 2024

The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.

Chris Baker

Chris Baker

Oracle April 2024 Critical Patch Update Addresses 239 CVEs

April 17, 2024

Oracle addresses 239 CVEs in its second quarterly update of 2024 with 441 patches, including 38 critical updates.

Scott Caveza

Scott Caveza

  • Plugins
  • Threat Intelligence
  • Threat Management
  • Vulnerability Management
  • Vulnerability Scanning

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Try for Free Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try for Free Buy Now

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Buy Now
Renew an existing license | Find a reseller
Try for Free Buy Now

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training

Buy Now
Renew an existing license | Find a reseller