Bugtraq mailing list archives
Re: Fix for SMB DOS attack posted
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Fri, 13 Feb 1998 12:18:36 -0500
At 08:41 PM 2/13/98 -0600, Aleph One wrote:
On Fri, 13 Feb 1998, Paul Leach wrote:
A hot-fix for a DOS attack on NT file servers that had not been previously publicly known has been posted. The following is the KB article on the fix.
DOCUMENT: Q180963
TITLE   : Denial of Service Attack Causes Windows NT Systems to Reboot
PRODUCT : Microsoft Windows NT
PROD/VER: 4.00
OPER/SYS: WINDOWS
KEYWORDS: kbbug4.00 kbfix4.00 NTSrv ntstop
Well it would seem some folks have found the problem (or something similar) before as Oliver Friedrichs from Secure Networks hinted at back in October on the NTBugTraq mailing list.
http://listserv.ntbugtraq.com/SCRIPTS/WA-NTBT.EXE?A2=ind9710&L=ntbugtraq&m=791&P=4201
Maybe the secnet folks would like to discuss some of their findings.
As it turns out, ISS and Secure Networks get to share credit for this one. We both found slightly different bugs, submitted repro code to MS, and they fixed it. The credit at ISS goes to Jose Rodriguez - he's the one who found it - I just gave him a target to aim at and coordinated with Microsoft so that they could figure out just what we did.

We found one of the bugs fixed in this patch at ISS by accident working on our own SMB code - blue screened our whole NT network one day. We weren't sure exactly _what_ did it - had my laptop bouncing up and down all over the place whilst Jose got his code straight. Funny thing was that it would sometimes not BSOD the machine right away, but would sit there just fine until you went to bring an app to the foreground or something - then kerpow. Other times, it would torch you off right away.

I'm really glad to see a hotfix come out _before_ there are machines getting blasted all over the net. Also nice to see that we didn't have to go public with it to get it fixed - which is actually our normal experience with them - YMMV.

David LeBlanc              |Why would you want to have your desktop user,
dleblanc () mindspring com |your mere mortals, messing around with a 32-bit
                           |minicomputer-class computing environment?
                           |Scott McNealy