Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Naptha - New DoS

From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Fri, 8 Dec 2000 17:13:18 +0800
At 11:34 PM 12/6/00 -0500, White Vampire wrote:

Some affected operating systems:

* Novell's Netware 5.0 with sp1 (Will not recover)
* Linux (2.2.x .. others ?) (Unknown.. can recover sometimes?)
* FreeBSD 4.0-REL (Can recover in short period)
* Possibly others.. it is a rather widespread problem.


Microsoft says that Windows 9x is affected if File and Printer sharing is
enabled.

http://www.microsoft.com/technet/security/bulletin/MS00-091.asp
http://www.microsoft.com/technet/security/bulletin/fq00-091.asp


This vulnerability could only be exploited if TCP port 139 was
open on the target machine. If the server service or File/Print
sharing were disabled on a computer it would not be susceptible
to this vulnerability


However, I've noticed that even if file/print sharing is disabled, but
Microsoft's "Client for Microsoft Networks" or "Microsoft Family Logon" is
installed, Windows 9x still listens to port 139 and accepts connections.
Does this still mean it can be affected? Is Microsoft's advisory accurate?
Or do we still have to manually unbind port 139 or uninstall those
Microsoft logon clients.

Cheerio,
Link.
Previous By Date Next
Previous By Thread Next

Current thread: