[79] in Best-of-Security
BoS: Re: HOLE #4 REARED ITS UGLY HEAD
daemon@ATHENA.MIT.EDU (Paul Ashton)
Sat Mar 15 14:58:07 1997
Date: Sat, 15 Mar 1997 13:41:33 GMT
Reply-To: Windows NT BugTraq Mailing List <NTBUGTRAQ@RC.ON.CA>,
Paul Ashton <paul@ARGO.CO.UK>
From: Paul Ashton <paul@ARGO.CO.UK>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
>---snip---
>
>When it rains it pours. Nasty hole #4 in IE just reared its ugly head
>moments ago. A new problem found in IE (and Netscape this time too) allows
>a Web page to force an SMB negotiation, at which point your ID and Password
>can be snagged by a rogue SMB server for later cracking attempts.
>
>---snip---
>
>The interesting thing about this is that it's hardly a "web browser
>problem", unless I have misunderstood the issue(s). In fact, the web
>browser just makes it incredibly easy to exploit an already known problem
>(as the author of the IE hole #4 page mentions).

See http://www.efsl.com/security/ntie/ for hole #5. This one is a
web browser problem embedded in the web server - browser NTLM challenge
response authentication scheme. Although similar to #4, this does not
depend on any interaction with an SMB file server.

After browsing around Microsoft's web site I get the impression that
Exchange, MSN, COM, Active-X, and RPC may also possibly be subject to the
same type of problem.

Paul