Bugtraq mailing list archives

Re: Fix for SMB DOS attack posted


From: paulle () MICROSOFT COM (Paul Leach)
Date: Fri, 13 Feb 1998 19:31:12 -0800


A bug Oliver privately reported (with more information and a repro program)
was one of the ones fixed by the patch; it also fixed another one that I
don't believe was reported (but since I was wrong about his...). I didn't
realize he had posted a report about it to BUGTRAQ. I didn't want to mention
his name without his permission. I'll gladly credit the other guy too, if he
says it's OK (I've sent mail).

In any case, what I was really thinking and could have said better was that
there was no publicly released exploit.

People worried about NT DOS attacks should also look at the LSA-FIX from
last June. It fixed the problems mentioned by Paul Ashton in the archived
message.

----------
From:         Aleph One[SMTP:aleph1 () dfw dfw net]
Sent:         Friday, February 13, 1998 6:41 PM
To:   Paul Leach
Cc:   BUGTRAQ () NETSPACE ORG
Subject:      Re: Fix for SMB DOS attack posted

On Fri, 13 Feb 1998, Paul Leach wrote:

A hot-fix for a DOS attack on NT file servers that had not been previously
publicly known has been posted. The following is the KB article on the fix.

DOCUMENT: Q180963
TITLE   :Denial of Service Attack Causes Windows NT Systems to Reboot
PRODUCT :Microsoft Windows NT
PROD/VER:4.00
OPER/SYS:WINDOWS
KEYWORDS:kbbug4.00 kbfix4.00 NTSrv ntstop

Well it would seem some folks have found the problem (or something
similar) before as Oliver Friedrichs from Secure Networks hinted at back
in October on the NTBugTraq mailing list.

http://listserv.ntbugtraq.com/SCRIPTS/WA-NTBT.EXE?A2=ind9710&L=ntbugtraq&m=791&P=4201

Maybe the secnet folks would like to discuss some of their findings.

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
