MS03-039 Exploitation Backdoor Account Detection

critical Nessus Plugin ID 11839

Synopsis

The remote host has evidence of being compromised by a widely known exploit.

Description

It was possible to log into the remote host with the login 'e' and the password 'asd#321'.
A widely available exploit, which uses one of the vulnerabilities described in Microsoft Bulletin MS03-039, creates such an account. This probably means that the remote host has been compromised by this exploit.

Solution

Re-install the operating system on this host, as it has been compromised.

See Also

http://www.nessus.org/u?7d4c61df

https://seclists.org/fulldisclosure/2003/Sep/834

Plugin Details

Severity: Critical

ID: 11839

File Name: smb_login_as_e.nasl

Version: 1.30

Type: local

Family: Backdoors

Published: 9/17/2003

Updated: 9/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2003-0528

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/ProductName

Excluded KB Items: global_settings/supplied_logins_only, SMB/any_login

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/10/2003

Vulnerability Publication Date: 9/10/2003

Reference Information

CVE: CVE-2003-0528

BID: 8459

MSFT: MS03-039

MSKB: 824146