Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Discovers and Responds to CVE 2015-2474 (Updated)

At Tenable, we love bug reports; they give us opportunities to make our software even better. Recently, a customer was having some issues with a credentialed patch audit of his network (https://discussions.tenable.com/message/31190). In the process of solving this issue, our engineers discovered a problem with how SMB v1 server logs error messages. Of course, we dutifully reported the issue to Microsoft, and today they issued Security Bulletin MS15-083 for CVE-2015-2474.

The issue in question impacts Windows Vista SP2 and Windows Server 2008 SP2 on both 32-bit and x64 based systems as well as the Server Core installations of Server 2008. In all cases, the severity of the vulnerability is listed as Important, meaning you should patch as soon as you can. If for some reason you can’t install the supplied Microsoft patch right away, you could disable SMBv1 or the Extended Protection for Authentication in SMB; but it’s much easier to just install the patch.

An SPN or Service Principal Name is the name by which a client uniquely identifies an instance of a service. When authenticating to the SMB server, the client can provide the SPN of the server. The SMB server can validate the client-provided SPN depending on the server configuration. To exploit this issue, an attacker must first supply a valid credential as part of the SMB v1 authentication and create a specially crafted extra long SPN in an SMB v1 authentication packet. When the system attempts to use this extra long SPN, it will fail and attempt to write the SPN to a log. The amount of memory reserved for SPNs isn’t big enough, which can allow an attacker to overwrite portions of memory and execute code.

Install the supplied Microsoft patch right away

As far as we know right now, this vulnerability is not being exploited in the wild. Bad guys act quickly these days, so install that patch as soon as you can.

Tenable engineers have released plugin 85321 to detect this vulnerability and it is now available via the feed.

We will update this blog as events warrant.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.