[65] in Security FYI
Windows 95, 98, 98se and ME sharing vulnerability
daemon@ATHENA.MIT.EDU (Jonathan McIndoe Hunt)
Tue Oct 17 17:56:00 2000
Message-Id: <5.0.0.25.0.20001017171828.02806428@hesiod>
Date: Tue, 17 Oct 2000 17:53:39 -0400
To: security-fyi@mit.edu
From: Jonathan McIndoe Hunt <jmhunt@MIT.EDU>
Cc: security-internal@mit.edu
Mime-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A vulnerability exists in the password verification scheme utilized by
Microsoft Windows 9x NETBIOS protocol implementation. This vulnerability
will allow any user to access the Windows 9x file shared service with
password protection. Attackers don't have to know the share password. A
complete description of the vulnerability is available at
<http://www.nsfocus.com/english/homepage/sa_05.htm>.
A patch is available from Microsoft at
<http://www.microsoft.com/technet/security/bulletin/MS00-072.asp>.
If you use or intend to use share level passwords on a Windows 9x system,
you should apply the patch from Microsoft.
Jonathan
_____________________________________________
Jonathan McIndoe Hunt
W92-191 617.253.0172
Massachusetts Institute of Technology
Network Security Team <net-security@mit.edu>
http://web.mit.edu/net-security/
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBOezKY8/KqE8/LLXXEQJjWgCgvujn41FRCIVu647pB06Mh4WZI0sAoP9Y
b3+4s5hhbBSNUyYDW/tgvrPf
=3JGP
-----END PGP SIGNATURE-----
