[16041] in bugtraq
Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047))
daemon@ATHENA.MIT.EDU (Patrick R. Sweeney)
Tue Aug 1 18:42:23 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <00af01bffb4d$1d66e780$e24afea9@currans9801>
Date: Mon, 31 Jul 2000 20:12:00 -0400
Reply-To: patsw@bellatalantic.net
From: "Patrick R. Sweeney" <patsw@BELLATLANTIC.NET>
X-To: Peter W <peterw@USA.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0007291500580.16274-100000@localhost>
I take this as an indication that they have not addressed this in Win9x and
do not intend to address it there. I do not take it as an indication that
this vulnerability does not exist there.
Assuming a subnet of all Win9x machines I would assume this could act as a
DoS for browsing - duplicate the name of the Master Browser for the subnet,
or for accessing shares of a particular machine perhaps. I don't expect
this would cause issues with WINS registration, Authentication against a DC,
etc. I would have to check the various resolution orders which can be
specified for NetBIOS names, but if I am looking to the WINS server before
the subnet's Master Browser then I am not certain you can really cause an
effective DoS by spoofing a Win9x box in a mixed environment (in this case
Win9x and NT - at least) where WINS is working. I think you would have to
be peer-to-peer, or have broken WINS, or absent WINS.
Assuming you were absent WINS, the PDC was specified on the subnet Master
Browser in an LMHosts file, the PDC was not otherwise specified on the local
machines, no NT or Samba boxes on the subnet, and the results of any
election were forced in the registry, then I suppose you could reliably
cause a DoS by spoofing the Subnet Master Browser's NetBIOS name on another
box in the same subnet.
Are there other potential DoS conditions from spoofing Win9x boxes from this
vulnerability?
-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of Peter
W
Sent: Saturday, July 29, 2000 3:04 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047))
COVERT says that the problem they reported also occurs on Windows 95 and
Windows 98. Why are those OSes not listed here?
-Peter
At 5:58pm Jul 27, 2000, Microsoft Product Security wrote:
> Patch Available for "NetBIOS Name Server Protocol Spoofing"
> Vulnerability
> Originally Posted: July 27, 2000
> Affected Software Versions
> ==========================
> - Microsoft Windows NT 4.0 Workstation
> - Microsoft Windows NT 4.0 Server
> - Microsoft Windows NT 4.0 Server, Enterprise Edition
> - Microsoft Windows NT 4.0 Server, Terminal Server Edition
> - Microsoft Windows 2000
> Patch Availability
> ==================
> - Windows 2000:
> http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23370
> - Windows NT 4.0 Workstation, Server, and Server, Enterprise
> Edition: Patch to be released shortly.
> - Windows NT 4.0 Server, Terminal Server Edition: Patch to be
> released shortly.
> Acknowledgments
> ===============
> Microsoft thanks the following customers for working with us to
> protect customers:
>
> COVERT Labs at PGP Security, Inc., for reporting the unsolicited
> NetBIOS Name Conflict datagram issue to us.
> Sir Dystic of Cult of the Dead Cow for reporting the Name Release
> issue to us.
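As an added illustration for the thread (not code from the list, from Microsoft, or from COVERT), the following Python decodes NetBIOS Name Service datagrams and flags the two message types the bulletin's acknowledgments name: unsolicited Name Conflict demands and Name Release requests aimed at names a host owns. The header and name layouts follow RFC 1002; the sample datagrams, the names WORKGROUP<1D> and FILESRV<20>, the 10.0.0.x addresses, and the transaction-id heuristic used to tell a solicited conflict reply from an unsolicited one are all assumptions constructed for the demo.

```python
"""Decode NetBIOS Name Service (NBNS, UDP/137) datagrams and flag the two
message types named in the bulletin: unsolicited Name Conflict demands and
Name Release requests. Wire format per RFC 1002. The sample datagrams below
are constructed for this demo, not captured from a real network."""
import struct

OPCODES = {0: "query", 5: "registration", 6: "release", 7: "wack", 8: "refresh"}
RCODE_CFT_ERR = 0x7           # RFC 1002 RCODE: name is in conflict
MASTER_BROWSER_SUFFIX = 0x1D  # 16th byte of a subnet master browser name

def encode_name(name: str, suffix: int) -> bytes:
    """First-level encode a NetBIOS name: 15 chars space-padded plus a suffix
    byte, each nibble written as 'A' + nibble, in one 32-byte label."""
    raw = name.upper().encode("ascii").ljust(15, b" ") + bytes([suffix])
    enc = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + enc + b"\x00"

def decode_name(data: bytes, offset: int):
    """Reverse of encode_name; returns (name, suffix, offset past the name)."""
    if data[offset] != 32:
        raise ValueError("unsupported NetBIOS label length %d" % data[offset])
    enc = data[offset + 1:offset + 33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    offset += 33
    while data[offset] != 0:          # skip scope labels, normally none
        offset += 1 + data[offset]
    return raw[:15].rstrip(b" ").decode("ascii"), raw[15], offset + 1

def parse_nbns(dgram: bytes) -> dict:
    """Split the 12-byte NBNS header into its fields and decode the first name
    (the question for requests, the answer RR for responses)."""
    trn_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", dgram[:12])
    name, suffix, _ = decode_name(dgram, 12)
    return {
        "trn_id": trn_id,
        "response": bool(flags & 0x8000),          # R bit
        "opcode": OPCODES.get((flags >> 11) & 0xF, "unknown"),
        "broadcast": bool(flags & 0x0010),         # NM_FLAGS B bit
        "rcode": flags & 0x000F,
        "counts": (qd, an, ns, ar),
        "name": name, "suffix": suffix,
    }

def classify(pkt: dict) -> str:
    """Name the message type from header fields alone."""
    if pkt["response"] and pkt["opcode"] == "registration" and pkt["rcode"] == RCODE_CFT_ERR:
        return "name_conflict_demand"
    if not pkt["response"] and pkt["opcode"] == "release":
        return "name_release_request"
    if not pkt["response"] and pkt["opcode"] == "registration":
        return "name_registration_request"
    return "%s_%s" % (pkt["opcode"], "response" if pkt["response"] else "request")

class NbnsMonitor:
    """Host-side detector. A conflict demand is expected only as the reply to a
    registration this host has in flight (matched by transaction id, a heuristic
    assumed here); any other one aimed at an owned name is unsolicited. Release
    requests for owned names are flagged as well."""
    def __init__(self, owned_names):
        self.owned = set(owned_names)   # (name, suffix) pairs this host holds
        self.pending = set()            # trn_ids of registrations we sent

    def note_sent_registration(self, dgram: bytes) -> None:
        self.pending.add(parse_nbns(dgram)["trn_id"])

    def inspect(self, dgram: bytes):
        """Return an alert string for a suspicious datagram, else None."""
        pkt = parse_nbns(dgram)
        kind = classify(pkt)
        key = (pkt["name"], pkt["suffix"])
        if kind == "name_conflict_demand":
            if pkt["trn_id"] in self.pending:
                self.pending.discard(pkt["trn_id"])
                return None             # legitimate answer to our own registration
            if key in self.owned:
                return "unsolicited conflict demand for %s<%02X>" % key
        elif kind == "name_release_request" and key in self.owned:
            return "release request for owned name %s<%02X>" % key
        return None

# Constructed sample datagrams (hex per the RFC 1002 layouts), not real captures.
WORKGROUP_1D = b"\x20FHEPFCELEHFCEPFFFACACACACACACABN\x00"   # WORKGROUP<1D>
FILESRV_20 = b"\x20EGEJEMEFFDFCFGCACACACACACACACACA\x00"     # FILESRV<20>
# Conflict demand: R=1, OPCODE=5, AA=1, RCODE=7, ANCOUNT=1, NB RR for 10.0.0.5
SAMPLE_CONFLICT_DEMAND = (bytes.fromhex("1234ac070000000100000000") + WORKGROUP_1D
                          + bytes.fromhex("0020000100000000000600000a000005"))
# Release request: R=0, OPCODE=6, B=1, QDCOUNT=1, ARCOUNT=1, NB RR for 10.0.0.9
SAMPLE_RELEASE_REQUEST = (bytes.fromhex("567830100001000000000001") + FILESRV_20
                          + bytes.fromhex("00200001") + FILESRV_20
                          + bytes.fromhex("0020000100000000000600000a000009"))
# Registration request this host sent (trn id 0x1234); a conflict demand that
# carries the same id is the expected negative answer, not an attack.
SAMPLE_OWN_REGISTRATION = (bytes.fromhex("123429100001000000000001") + WORKGROUP_1D
                           + bytes.fromhex("00200001") + WORKGROUP_1D
                           + bytes.fromhex("00200001000493e0000600000a000005"))

def demo():
    """Run both suspicious samples through a monitor that owns both names."""
    mon = NbnsMonitor([("WORKGROUP", MASTER_BROWSER_SUFFIX), ("FILESRV", 0x20)])
    return [a for a in map(mon.inspect, (SAMPLE_CONFLICT_DEMAND, SAMPLE_RELEASE_REQUEST)) if a]
```

Calling `demo()` yields one alert per sample; feeding `SAMPLE_OWN_REGISTRATION` to `note_sent_registration` first makes the monitor accept the conflict demand with the matching transaction id silently, which is the distinction between a normal negative registration reply and the unsolicited datagram the bulletin describes.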