Bugtraq mailing list archives
Re: [COVERT-2000-05] Microsoft Windows Computer Browser Reset Vulnerability
From: vlad () SANDY RU (Vladimir Dubrovin)
Date: Fri, 26 May 2000 21:00:52 +0400
Hello COVERT Labs, Browser protocol is insecure by design. As an example, evil host can send election packet with high election criteria to become a Master Browser and distribute empty (or spoofed) browsing list. It's also possible to feed spoofed list to Domain's Master. In case evil host is in another physical network - sending spoofed election packet once in 10 seconds will make effective DoS against browser service. There is a lot of the ways to use browser as traffic amplifier - such as sending spoofed browser list requests to domain's master, sending spoofed master browser's request to promote all potential browsers to backup browsers, etc. The best and only way to protect you network in this cases is packet filtering. C> The Microsoft Windows implementation of the Browser Protocol contains C> an undocumented feature that provides for the remote shutdown of the C> Computer Browser Service on a single computer or multiple computers. /3APA3A http://www.security.nnov.ru
Current thread:
- [COVERT-2000-05] Microsoft Windows Computer Browser Reset Vulnerability COVERT Labs (May 25)
- new vulnerability in Netscape effectively disables SSL server auth Kevin Fu (May 26)
- Microsoft Security Bulletin (MS00-036) Microsoft Product Security (May 26)
- Re: Microsoft Security Bulletin (MS00-036) Matt (May 26)
- [TL-Security-Announce] gpm TLSA2000011-1 Katherine M. Moussouris (May 26)
- Revision 2: Analysis of jolt2.c (MS00-029) Mikael Olsson (May 27)
- Re: [COVERT-2000-05] Microsoft Windows Computer Browser Reset Vulnerability Vladimir Dubrovin (May 26)