Microsoft Windows SMB Registry : NT RAS Administration Registry Key Permission Weakness Local Privilege Escalation

Medium Nessus Plugin ID 10567


Local users can gain additional privileges.


This script checks whether the following key can be modified by non-admins :


Write access to this key allows an unprivileged user to gain additional privileges.


Use regedt32 and set the permissions of this key to :

- admin group : Full Control
- system : Full Control
- everyone : Read

See Also

Plugin Details

Severity: Medium

ID: 10567

File Name: smb_reg_ras_access.nasl

Version: $Revision: 1.36 $

Type: local

Agent: windows

Family: Windows

Published: 2000/12/08

Modified: 2017/12/19

Dependencies: 10400, 10394, 10150

Risk Information

Risk Factor: Medium


Base Score: 4.6

Temporal Score: 4.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:W/RC:ND

Vulnerability Information

Required KB Items: SMB/transport, SMB/name, SMB/login, SMB/password, SMB/registry_access

Vulnerability Publication Date: 2000/12/06

Reference Information

CVE: CVE-2001-0045

BID: 2064

OSVDB: 466

MSFT: MS00-095