[8708] in bugtraq
Re: Microsoft's Network Monitor - Buffer Overrun / Page Fault / V
daemon@ATHENA.MIT.EDU (Friedrichs, Oliver)
Wed Dec 16 12:13:23 1998
Date: Tue, 15 Dec 1998 14:51:09 -0800
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "Friedrichs, Oliver" <Oliver_Friedrichs@NAI.COM>
To: BUGTRAQ@NETSPACE.ORG

>There is a problem with both the SMS version of Network Monitor
>and the version on the NT Server 4 CD-ROM whereby if it "sniffs"
>a NetBIOS session request from a machine where the NetBIOS Scope
>ID is 190 or more characters when the capture is stopped and the
>results are viewed the Network Monitor process (netmon.exe)
>experiences a memory problem.

I found this a while ago as well. The same type of overflow also
occurs virtually anytime it decodes a NetBIOS name larger than
15 characters.

What scares me more are network-based ID systems which may
do something similar when decoding packets.

- Oliver
Network Associates, Inc.
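
A bounds-checked decoder for the NetBIOS name encoding discussed in this thread, as an added example that is not part of the original message and is not Network Monitor's code. It assumes the RFC 1001/1002 first-level encoding (a 32-byte label holding a 16-byte name, followed by scope labels); the function name nb_decode_name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NB_NAME_LEN 16      /* 15 name bytes + 1 suffix byte */
#define NB_ENCODED_LEN 32   /* two bytes 'A'..'P' per decoded byte */

/* Decode a first-level encoded NetBIOS name and its scope labels.
 * pkt/len: untrusted bytes starting at the name's first length octet.
 * name: receives exactly 16 bytes; scope: dotted scope, NUL-terminated.
 * Returns bytes consumed, or -1 on malformed or oversized input. */
int nb_decode_name(const uint8_t *pkt, size_t len,
                   uint8_t name[NB_NAME_LEN], char *scope, size_t scope_cap)
{
    size_t pos = 0, out = 0;

    if (scope_cap == 0 || len < 1 + NB_ENCODED_LEN + 1) return -1;
    if (pkt[pos++] != NB_ENCODED_LEN) return -1;   /* never trust a longer name */
    for (size_t i = 0; i < NB_NAME_LEN; i++) {
        uint8_t hi = pkt[pos++], lo = pkt[pos++];
        if (hi < 'A' || hi > 'P' || lo < 'A' || lo > 'P') return -1;
        name[i] = (uint8_t)(((hi - 'A') << 4) | (lo - 'A'));
    }
    for (;;) {                                     /* scope labels */
        if (pos >= len) return -1;                 /* ran off the capture */
        uint8_t l = pkt[pos++];
        if (l == 0) break;                         /* root label ends the name */
        if (l > 63 || l > len - pos) return -1;    /* label limit, truncation */
        size_t need = l + (out ? 1 : 0);           /* label plus '.' separator */
        if (need >= scope_cap - out) return -1;    /* keep room for the NUL */
        if (out) scope[out++] = '.';
        memcpy(scope + out, pkt + pos, l);
        out += l; pos += l;
    }
    scope[out] = '\0';
    return (int)pos;
}

int main(void)
{
    /* Constructed sample: 16 encoded spaces, scope "corp", root label (literal's NUL). */
    static const uint8_t sample[] = "\x20" "CACACACACACACACACACACACACACACACA" "\x04" "corp";
    uint8_t name[NB_NAME_LEN]; char scope[32];
    int n = nb_decode_name(sample, sizeof sample, name, scope, sizeof scope);
    printf("consumed=%d scope=%s\n", n, n < 0 ? "(rejected)" : scope);
    return n < 0;
}
```

The decoder rejects input instead of truncating it, so a capture viewer or sensor using it can flag the frame as malformed rather than display partial data.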