MS10-049: Vulnerabilities in SChannel could allow Remote Code Execution (980436)

high Nessus Plugin ID 48286

Language:

Synopsis

It may be possible to execute arbitrary code on the remote Windows host using the Secure Channel security package.

Description

The remote Windows host is running a version of the Secure Channel (SChannel) security package that is affected by one or more of the following vulnerabilities :

- The SChannel authentication component allows a client to renegotiate the connection after the initial handshake, which could be abused to inject information into an encrypted connection, effectively sending traffic spoofing an authenticated client. (CVE-2009-3555)

- The way that SChannel validates a certificate request message sent by a server could lead to a denial of service or even allow execution of arbitrary code if an attacker can trick a user on the affected system into connecting to malicious web server over SSL or TLS. (CVE-2010-2566)

Solution

Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-049

Plugin Details

Severity: High

ID: 48286

File Name: smb_nt_ms10-049.nasl

Version: 1.21

Type: local

Agent: windows

Published: 8/11/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/10/2010

Vulnerability Publication Date: 11/4/2009

Reference Information

CVE: CVE-2009-3555, CVE-2010-2566

BID: 36935, 42246

CWE: 310

MSFT: MS10-049

MSKB: 980436