Associated vulnerability
Title:
Microsoft SMBv3 Buffer Error Vulnerability
(CVE-2020-0796)
Description: Microsoft SMBv3 is support firmware from Microsoft Corporation (USA) that provides SMB functionality to devices. A buffer error vulnerability exists in Microsoft Server Message Block 3.1.1 (SMBv3); it stems from the SMBv3 protocol entering an erroneous code path when it handles a malicious compressed packet. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the application. The following products and versions are affected: Microsoft Windows 10 version 1903, Windows Server version 1903, Windows 10 version 1909, Windo
Description
Scanners List - Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
Introduction
# Scanners-for-CVE-2020-0796-Testing
Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) Scanners List
A critical remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 protocol handles certain requests. An unauthenticated attacker could exploit the vulnerability to execute arbitrary code on SMB server by sending a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.
Below is the list of scanners available so far:
1. ollypwn/SMBGhost - Scanner for CVE-2020-0796 (SMBv3 RCE) - https://github.com/ollypwn/SMBGhost
2. cve-2020-0796/cve-2020-0796 - CVE-2020-0796, a wormable SMBv3 vulnerability - https://github.com/cve-2020-0796/cve-2020-0796
3. ClarotyICS/CVE2020-0796 - CVE-2020-0796 SMBv3 RCE: multiple scripts and detection tools to check whether a Windows machine has the SMBv3 protocol enabled with the compression feature. A. NSE script; B. Python script; C. Snort rules alerting on compressed SMB traffic and on compression-enabled hosts - https://github.com/ClarotyICS/CVE2020-0796
4. joaozietolie/CVE-2020-0796-Checker - Script that checks whether the system is vulnerable to CVE-2020-0796 (SMB v3.1.1) - https://github.com/joaozietolie/CVE-2020-0796-Checker
5. Aekras1a/CVE-2020-0796-PoC - Weaponized PoC for the SMBv3 compression codec vulnerability - https://github.com/Aekras1a/CVE-2020-0796-PoC
6. technion/DisableSMBCompression - CVE-2020-0796 flaw mitigation (Active Directory administrative template) - https://github.com/technion/DisableSMBCompression
7. dickens88/cve-2020-0796-scanner - Project for scanning for the CVE-2020-0796 SMB vulnerability - https://github.com/dickens88/cve-2020-0796-scanner
8. pr4jwal/CVE-2020-0796 - NSE script to potentially detect the CVE-2020-0796 issue in Microsoft SMBv3 compression (aka CoronaBlue, SMBGhost) - https://github.com/pr4jwal/CVE-2020-0796
9. ButrintKomoni/cve-2020-0796 - Python scanner for identifying and mitigating the CVE-2020-0796 flaw on the fly - https://github.com/ButrintKomoni/cve-2020-0796
10. kn6869610/CVE-2020-0796 - Another simple scanner for CVE-2020-0796 (SMBv3 RCE) - https://github.com/kn6869610/CVE-2020-0796
11. xax007/CVE-2020-0796-Scanner - CVE-2020-0796 SMBv3.1.1 compression capability vulnerability scanner - https://github.com/xax007/CVE-2020-0796-Scanner
12. Detecting CVE-2020-0796 with Qualys VM - https://blog.qualys.com/laws-of-vulnerabilities/2020/03/11/microsoft-windows-smbv3-remote-code-execution-vulnerability-cve-2020-0796

    Qualys has issued QID 91614 for Qualys Vulnerability Management, covering CVE-2020-0796 across all impacted operating systems. This QID is included in signature version VULNSIGS-2.4.837-4 and requires authenticated scanning or the Qualys Cloud Agent.

    QID 91614: Microsoft Guidance for Disabling SMBv3 Compression Not Applied (ADV200005)

    This QID checks whether SMBv3 is enabled on the host and whether the following workaround (a `DisableCompression` DWORD set to 1 under the `LanmanServer\Parameters` key) has not been applied:

    ```powershell
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
    ```
You can search for this within the VM Dashboard by using the following QQL query:
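The QID described above combines two local facts: is the SMB server (SMB2/3 stack) enabled, and is the ADV200005 `DisableCompression` workaround present? The script below is an added, read-only example of that same check, written for this page; it is not code from Qualys or from any of the listed projects. It assumes it runs on the Windows host being assessed with rights to read `HKLM` and to call `Get-SmbServerConfiguration`, and it treats the release IDs named on the page (1903 and 1909) as the affected releases.

```powershell
# Added example (not from the listed projects or Qualys): a local, read-only check
# mirroring the logic the QID describes. Assumes it runs on the host itself with
# rights to read HKLM and to query the SMB server configuration.

function Get-SmbCompressionWorkaroundStatus {
    $paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $cvKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # ReleaseId holds the Windows release (e.g. 1903 / 1909); these are the
    # Windows 10 / Server releases the page lists as affected.
    $releaseId = (Get-ItemProperty -Path $cvKey -ErrorAction SilentlyContinue).ReleaseId
    $affectedRelease = $releaseId -in @('1903', '1909')

    # SMBv3 is served over the SMB2 protocol stack; if SMB2 is disabled on the
    # server side, SMBv3 compression is not reachable on this host.
    $smb2Enabled = $false
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($cfg) { $smb2Enabled = [bool]$cfg.EnableSMB2Protocol }

    # The ADV200005 workaround: DWORD DisableCompression = 1 under LanmanServer\Parameters.
    $disableCompression = (Get-ItemProperty -Path $paramsKey -Name DisableCompression `
        -ErrorAction SilentlyContinue).DisableCompression
    $workaroundApplied = ($disableCompression -eq 1)

    [pscustomobject]@{
        ReleaseId          = $releaseId
        AffectedRelease    = $affectedRelease
        Smb2Enabled        = $smb2Enabled
        DisableCompression = $disableCompression
        WorkaroundApplied  = $workaroundApplied
        # The condition the QID flags: SMB serving is enabled on an affected
        # release and the workaround value is missing or not 1.
        NeedsAttention     = ($affectedRelease -and $smb2Enabled -and -not $workaroundApplied)
    }
}

Get-SmbCompressionWorkaroundStatus | Format-List
```

The check is deliberately a workaround audit, not a patch-level check: a host with `DisableCompression = 1` reports `NeedsAttention = False` here even if it has not received the security update, so pair it with your normal patch inventory rather than treating it as proof the host is fixed.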
File snapshot
[4.0K] /data/pocs/028013eac41d7f31465b81264f16fe15d734354f
└── [3.3K] README.md
0 directories, 1 file
Notes
1. It is recommended to access the original source first.
2. If the source has gone offline or cannot be accessed, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.