Bugtraq mailing list archives

Re: Internet Explorer Bug #4


From: pjjvande () CAYLEY UWATERLOO CA (Paul)
Date: Sun, 16 Mar 1997 10:56:46 -0500


It is interesting to note that in theory someone could set up a Lanman server
that makes a simultaneous connection back to the client as a connection
comes in.  By simply relaying the same challenge and password back to the
client, the remote server could gain network access to the vulnerable client.

This is false.  When establishing the connection back to the client
machine, the client will issue its own challenge to the server, so
this will not work.

Here is a scenario: before sending the challenge to the victim,
connect to the victim's host and use the challenge given by that host as
the victim's challenge.  Then use the victim's response as the response to
the victim's host.

Why would this not work?

Seems to poke a nice big hole into the entire challenge response
mechanism.

- Paul

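The exchange Paul describes, played out as a toy simulation so the reflection can be seen end to end, together with the kind of anti-reflection check later SMB implementations adopted: a host refuses to answer, as a client, a challenge that it has itself issued as a server and not yet resolved. This is an added example and not part of the original post or thread; the `compute_response` function, the `Host` class, the shared secret and the eight-byte challenges are constructed stand-ins for the real LM/NTLM computation, chosen only to make the relay logic visible.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def compute_response(password: bytes, challenge: bytes) -> bytes:
    """Toy stand-in for the LM/NTLM response: a MAC of the challenge keyed by the password.
    The real hash construction is different; only the shape (secret + challenge -> response) matters here."""
    return hmac.new(password, challenge, hashlib.sha256).digest()


class Host:
    """A machine that exposes a file service (server side) and also connects outward (client side).
    Both sides share one account secret, as they would for a domain account (constructed value)."""

    def __init__(self, name: str, password: bytes, reject_reflected: bool = False) -> None:
        self.name = name
        self.password = password
        self.reject_reflected = reject_reflected
        self.issued = set()  # challenges this host has issued as a server and not yet resolved

    # --- server side ---
    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(8)
        self.issued.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # Only challenges we actually issued are accepted, each one once.
        if challenge not in self.issued:
            return False
        self.issued.discard(challenge)
        return hmac.compare_digest(compute_response(self.password, challenge), response)

    # --- client side ---
    def answer_challenge(self, challenge: bytes) -> Optional[bytes]:
        # Mitigation (assumed here, modelled on later anti-reflection fixes): a challenge that we
        # ourselves have outstanding as a server can only have reached our client side by being
        # bounced back at us, so refuse to produce a response for it.
        if self.reject_reflected and challenge in self.issued:
            return None
        return compute_response(self.password, challenge)


def reflection_attempt(victim: Host) -> bool:
    """Play out the scenario from the post: the hostile server fetches a challenge from the
    victim's own file service, hands it to the victim's client as if it were its own, and
    forwards the victim's answer back. Returns True if the victim's service accepts it."""
    # Step 1: hostile server opens a connection to the victim's service and receives challenge C.
    c = victim.issue_challenge()
    # Step 2: when the victim's client connects in, the hostile server presents C as its challenge.
    answer = victim.answer_challenge(c)
    if answer is None:
        return False  # victim's client refused to answer a challenge it had itself issued
    # Step 3: hostile server relays the victim's answer to the victim's service.
    return victim.verify(c, answer)


def honest_session(client: Host, server: Host) -> bool:
    """Ordinary exchange for comparison: the client answers the server's own fresh challenge."""
    c = server.issue_challenge()
    answer = client.answer_challenge(c)
    return answer is not None and server.verify(c, answer)


if __name__ == "__main__":
    print("unpatched host accepts reflected response:",
          reflection_attempt(Host("victim", b"s3cret")))
    print("patched host accepts reflected response:",
          reflection_attempt(Host("victim", b"s3cret", reject_reflected=True)))
    print("honest session still works with the check on:",
          honest_session(Host("client", b"s3cret", reject_reflected=True),
                         Host("server", b"s3cret", reject_reflected=True)))
```

The check only catches a challenge bounced back to the very host that issued it; if the hostile server forwards the victim's answer to a third machine that shares the same account, the server and client sides never see the same challenge, and the simulation above would not notice. Protecting against that needs the response to be bound to the intended server (mutual authentication or session signing), which the toy does not model.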

