Bugtraq mailing list archives
Re: NT4.0 SP3 Still vulnerable
From: pokee () MAXWELL EE WASHINGTON EDU (Aaron Spangler)
Date: Fri, 16 May 1997 11:46:59 PDT
From: "Rubens Kuhl Jr." <rkuhljr () pueridomus br>
To: <BUGTRAQ () NETSPACE ORG>
Cc: "Aaron Spangler" <pokee () maxwell ee washington edu>
Subject: Re: NT4.0 SP3 Still vulnerable

If this bug wasn't corrected in IE 3.02, which bug has been corrected in IE 3.02 that was not available as a fix to IE 3.01?
IE 3.01 with all the patches is exactly the same as 3.02 (the patches were just integrated, that's all).
It seems that SMB/CIFS designers still don't believe that it is possible to get passwords this way. Enhancements are targeting only the security of CIFS servers, not the client side.
It is correct that they have only been beefing up security on the server side. However, most of the recent posts attack the client.

I spoke with Paul Leech (one of the CIFS designers) on the phone a couple of weeks ago. He agrees the most recently posted CIFS with message signing still does not protect against a rogue server getting the user's password. However, he says that future versions might be able to negotiate to have the client and server be able to choose a more random challenge. (However, to be backward compatible, the server can still force-feed the challenge if the server chooses the right compatibility options on startup.)

Also, Paul said that future CIFS requests on NT as a client will still contain the old broken Lanman hash! He says he can't get rid of it because many Win 95 clients ONLY speak the Lanman hash. I asked him why he can't make an NT only give the NT hash. He said, well, what if the NT box connected to a Win95 server? So it looks like they won't fix this for quite some time!
I know, and this makes this bug worse. The only possible fix to such a bug is a browser fix, to be requested every day from Microsoft...
I have sent email to MS since day one! They first told me it was a non-issue. Now they are just ignoring my requests.
Rubens Kuhl Jr.
Thanks Rubens. One further note to all: for those who contact secure () microsoft com, make sure your email is professional and friendly. After all, we are not trying to rag on Microsoft, we are simply trying to build a more secure product so more of us can run it!

- Aaron

--
Aaron Spangler                          EE Unix System Administrator
Electrical Engineering FT-10            pokee () ee washington edu
University of Washington                Phone (206) 543-8984
Box 352500                              or (206) 543-2523
Seattle, WA 98195-2500                  Fax (206) 543-3842
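The thread's point is that a rogue server can force-feed a fixed challenge and that NT clients still answer with the Lanman response. The following is an added, defender-side illustration (not code from the thread or from any of its authors): it scans constructed SMB session-setup log lines for servers that reuse the same challenge across sessions and for sessions in which the client still sent an LM response. The log format and field names are assumptions made for this example.

```python
"""Added example (not part of the Bugtraq thread): flag SMB servers that
hand out a fixed challenge, and sessions that still carry an LM response.
The log lines and their field layout are constructed for this example."""
from collections import defaultdict

# Constructed sample log, one line per SMB session setup:
# server address, session id, 8-byte challenge as hex, response types sent.
SAMPLE_LOG = """\
server=10.0.0.5 sess=1 challenge=3a7f1c9e5b2d8840 auth=NTLM
server=10.0.0.5 sess=2 challenge=9c02ee41b7a63d15 auth=NTLM
server=10.0.0.9 sess=3 challenge=0011223344556677 auth=LM+NTLM
server=10.0.0.9 sess=4 challenge=0011223344556677 auth=LM+NTLM
server=10.0.0.9 sess=5 challenge=0011223344556677 auth=LM+NTLM
"""


def parse(log):
    """Turn each 'key=value ...' line into a dict; blank lines are skipped."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        records.append(dict(kv.split("=", 1) for kv in line.split()))
    return records


def fixed_challenge_servers(records, min_sessions=2):
    """Servers that issued the identical challenge to >= min_sessions sessions.

    An honest server picks a fresh challenge per session, so a repeat is the
    signature of the force-fed challenge described in the thread."""
    sessions_by_challenge = defaultdict(set)
    for r in records:
        sessions_by_challenge[(r["server"], r["challenge"])].add(r["sess"])
    return sorted({srv for (srv, _c), s in sessions_by_challenge.items()
                   if len(s) >= min_sessions})


def lm_sessions(records):
    """Session ids where the client still sent the Lanman response."""
    return [r["sess"] for r in records if "LM" in r["auth"].split("+")]


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("fixed-challenge servers:", fixed_challenge_servers(recs))
    print("sessions with LM response:", lm_sessions(recs))
```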