Bugtraq mailing list archives
Re: Internet Explorer Bug #4
From: pjjvande () CAYLEY UWATERLOO CA (Paul)
Date: Sun, 16 Mar 1997 10:56:46 -0500
It is interesting to note that in theory someone could set up a Lanman server that makes a simultaneous connection back to the client as a connection comes in. By simply relaying the same challenge and password back to the client, the remote server could gain network access to the vulnerable client.
This is false. When establishing the connection back to the client machine, the client will issue its own challenge to the server, so this will not work.
Here is a scenario: before sending the challenge to the victim, connect to the victim's host and use the challenge given by that host as the victim's challenge. Then use the victim's response as the response to the victim's host. Why would this not work? Seems to poke a nice big hole into the entire challenge response mechanism.
- Paul
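A toy model of the scenario in the message above, added here as an illustration and not part of the original post: HMAC-SHA256 stands in for the LanMan response function, and the `Host` class, the host names and the secret are constructed. It shows the reflected response verifying on a naive host, and a hardened host that refuses a challenge it issued itself and binds each response to the target server's name.

```python
import hashlib
import hmac
import os


class Host:
    """Toy peer that issues challenges as a server and answers them as a client."""

    def __init__(self, name, secret, hardened=False):
        self.name = name
        self.secret = secret
        self.hardened = hardened
        self.outstanding = set()  # challenges this host issued and has not yet verified

    def _mac(self, challenge, target):
        # Hardened hosts bind the response to the server the client believes it is using.
        bound = target.encode() if self.hardened else b""
        return hmac.new(self.secret, challenge + bound, hashlib.sha256).digest()

    def issue_challenge(self):
        challenge = os.urandom(8)
        self.outstanding.add(challenge)
        return challenge

    def respond(self, challenge, target):
        # Client side: answer a challenge received from the server named `target`.
        if self.hardened and challenge in self.outstanding:
            raise ValueError("challenge was issued by this host (reflection)")
        return self._mac(challenge, target)

    def verify(self, challenge, response):
        # Server side: a challenge is accepted once, and only for this host's own name.
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)
        return hmac.compare_digest(response, self._mac(challenge, self.name))


def reflection_accepted(hardened):
    """Run the scenario from the message against one constructed host."""
    victim = Host("victim", b"constructed-secret", hardened)
    challenge = victim.issue_challenge()  # challenge the victim's host gave out
    try:
        # The same challenge reaches the victim's client side as if from "fileserver".
        response = victim.respond(challenge, "fileserver")
    except ValueError:
        return False
    return victim.verify(challenge, response)  # response handed back to the victim's host
```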