Bugtraq mailing list archives
Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047))
From: "Patrick R. Sweeney" <patsw () BELLATLANTIC NET>
Date: Mon, 31 Jul 2000 20:12:00 -0400
I take this as an indication that they have not addressed this in Win9x and do not intend to address it there. I do not take it as an indication that this vulnerability does not exist there. Assuming a subnet of all win9x machines I would assume this could act as a DoS for browsing - duplicate the name of the Master Browser for the subnet, or for accessing shares of a particular machine perhaps. I don't expect this would cause issues with WINS registration, Authentication against a DC, etc. I would have to check the various resolution orders which can be specified for NetBIOS names, but if I am looking to the WINS server before the subnet's Master Browser then I am not certain you can really cause an effective DoS by spoofing a win9x box in a mixed environment (In this case Win9x and NT - at least) where WINS is working. I think you would have to be peer-to-peer, or have broken WINS, or absent WINS. Assuming you were absent WINS, the PDC was specified on the subnet Master Browser in an LMHosts file, the PDC was not otherwise specified on the local machines, no NT or SaMBa boxes on the subnet, and the results of any election were forced in the registry, then I suppose you could reliably cause a DoS by spoofing the Subnet Master Browser's netBIOS name on another box in the same subnet. Are there other potential DoS conditions from spoofing Win9x boxes from this vulnerability? -----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Peter W Sent: Saturday, July 29, 2000 3:04 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) COVERT says that the problem they reported also occurs on Windows 95 and Windows 98. Why are those OS'es not listed here? -Peter At 5:58pm Jul 27, 2000, Microsoft Product Security wrote:
Patch Available for "NetBIOS Name Server Protocol Spoofing" Vulnerability Originally Posted: July 27, 2000
Affected Software Versions ========================== - Microsoft Windows NT 4.0 Workstation - Microsoft Windows NT 4.0 Server - Microsoft Windows NT 4.0 Server, Enterprise Edition - Microsoft Windows NT 4.0 Server, Terminal Server Edition - Microsoft Windows 2000
Patch Availability ================== - Windows 2000: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23370 - Windows NT 4.0 Workstation, Server, and Server, Enterprise Edition:Patch to be released shortly. - Windows NT 4.0 Server, Terminal Server Edition: Patch to be released shortly.
Acknowledgments =============== Microsoft thanks the following customers for working with us to protect customers: COVERT Labs at PGP Security, Inc., for reporting the unsolicited NetBIOS Name Conflict datagram issue to us. Sir Dystic of Cult of the Dead Cow for reporting the Name Release issue to us.
Current thread:
- FW: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Forrester, Mike (Aug 01)
- <Possible follow-ups>
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Patrick R. Sweeney (Aug 01)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Microsoft Security Response Center (Aug 01)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Ryan Fox (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) David LeBlanc (Aug 03)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Ryan Fox (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Neena Grimm (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Russ (Aug 02)