Bugtraq mailing list archives
RE: Microsoft Security Update
From: "Luke Smith" <luke () smith name>
Date: Fri, 5 Sep 2003 08:53:48 +1000
MS03-034 (NetBIOS information disclosure) gets a rating of Low, even
though
Blaster showed us just how many Windows installations run with all
ports
accessible.
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulleti n/MS03-034.asp "Under certain conditions, the response to a NetBT Name Service query may, in addition to the typical reply, contain random data from the target system's memory. This data could, for example, be a segment of HTML if the user on the target system was using an Internet browser, or it could contain other types of data that exist in memory at the time that the target system responds to the NetBT Name Service query." It's not something you could directly own the box with, unlike RPC vuln that Blaster uses; it merely exposes some trivia, thus the "low" rating. Cheers, Luke Smith ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________
Current thread:
- FW: Microsoft Security Update Thor Larholm (Sep 04)
- RE: Microsoft Security Update Luke Smith (Sep 04)
- RE: Microsoft Security Update Andrew Ruef (Sep 05)
- Re: FW: Microsoft Security Update Paul Tinsley (Sep 05)
- <Possible follow-ups>
- Re: FW: Microsoft Security Update xenophi1e (Sep 04)
- RE: Microsoft Security Update Luke Smith (Sep 04)