Bugtraq mailing list archives
Re: Internet Explorer Bug #4
From: rkuhljr () PUERIDOMUS BR (Rubens Kuhl Jr.)
Date: Sat, 15 Mar 1997 18:05:59 -0300
From: Steve Birnbaum <sbirn () NETMEDIA NET IL> To: BUGTRAQ () NETSPACE ORG Subject: Re: Internet Explorer Bug #4 Date: Sábado, 15 de Março de 1997 15:44 Forgetting about finding a way to get someone to sit down on the console of the NT machine and trying to get to your web site, is it possible to spoof a WINS sync to that NT server? Hobbit's paper shows that NT trusts you to be who you say you are when connecting for a CIFS share. I'm curious if there is any more security involved in the case of an NT server that is set up to syncronize WINS tables with other NT servers.
WINS syncing is guarded by machine accounts (when the servers belong to the same domain) or by domain trust relationships, not by machine names. Rubens Kuhl Jr.
Current thread:
- Re: Internet Explorer Bug #4 Dominique Brezinski (Mar 14)
- Re: Internet Explorer Bug #4 Paul (Mar 16)
- bin/2983: Security bug (buffer overflow) in lib/libterm/tgoto.c Aleph One (Mar 16)
- Re: Internet Explorer Bug #4 Aaron Spangler (Mar 18)
- <Possible follow-ups>
- Re: Internet Explorer Bug #4 Alain Thivillon (Mar 15)
- Re: Internet Explorer Bug #4 Steve Birnbaum (Mar 15)
- Re: Internet Explorer Bug #4 Rubens Kuhl Jr. (Mar 15)
- Re: Internet Explorer Bug #4 Rubens Kuhl Jr. (Mar 15)