[4457] in bugtraq
New Win95 OOB fix allows Netbios to be used
daemon@ATHENA.MIT.EDU (Aaron Weintraub)
Mon May 12 17:48:29 1997
Date: Mon, 12 May 1997 15:50:36 -0400
Reply-To: Aaron Weintraub <aaronw@POBOX.COM>
From: Aaron Weintraub <aaronw@POBOX.COM>
X-To: bugtraq@crimelab.com
To: BUGTRAQ@NETSPACE.ORG
--
readme.txt
May 12, 1997
2pm EDT
NOTE: WORKS ON WINDOWS 95 ONLY. DO NOT APPLY TO WINDOWS NT
This is the latest and best(?) fix for the Windows 95 OOB hole that allows
anyone
to crash your machine. This fix works on all releases of Windows 95
(950/950a and 950b/OSR2).
This patch *does* allow Netbios to work as it usually does (e.g. LAN f/p
sharing)
Simply double click on the .reg file included in this zip and reboot.
You may then undo whatever temporary fix you have done. To undo it, you
must use regedit
to remove the BSDUrgent key entirely. Please let either one of us know of
any troubles.
Here is a direct quote from my source (for win95)
http://www.microsoft.com/kb/articles/q158/4/74.htm
Hkey_Local_Machine\System\CurrentControlSet\Services\VxD\MSTCP
BSDUrgent = 0 or 1
If this value is 1, specifies that Microsoft TCP/IP is to treat urgent data
the way some
UNIX systems do (with a maximum of 1 byte of urgent data, for example). If
this value is
0, it specifies that the stack is to handle urgent data as specified by RFC
1122. The
default is 1.
--Note: I do not know what else this will break. I have tried several
apps on my machine
and they all appear to be unaffected.
Aaron Weintraub
aaronw@pobox.com
Skream
skream@coca.net
http://www.mydesktop.com/ for the latest in breaking news.
----
fix_oob.reg
REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP]
"BSDUrgent"="0"
