[prev in list] [next in list] [prev in thread] [next in thread]
List: suse-security
Subject: Re: [suse-security] Microsoft Hacked!
From: "bacano" <bacano () esoterica ! pt>
Date: 2000-10-28 14:00:50
[Download RAW message or body]
If the question is about SMB services on MS OS's, the answer is yes.
Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability:
Transmitting SMB requests to either port 445 or 139 without acknowledging
the responses will cause Windows NT 4.0 to refuse any incoming network
connections and will disable any SMB-reliant services in Windows 2000 until
20 seconds after the connection desists. Outgoing network connections in
Windows 2000 are not affected by this vulnerability.
Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability:
Windows NT 4.0 and 2000 hosts will crash if they receive a DCE/RPC request
encapusulated in a SMB write request with an incorrect data length field.
As far as i know, those 2 dont have a solution yet, but i didn't check MS
advisories to check. Both were posted to Bugtraq by Luke Kenneth Casson
Leighton <lkcl@samba.org> on June 5, 2000.
Samba for Linux had known vulnerabilities in Samba Pre-2.0.5 but the problem
was only in Debian and Red Hat distributions, as far as i know.
If you go to www.securityfocus.com and search in their vulnerabilities
database, you will have more info.
[ ]'s bacano
P.S. - and no, i dont think this hack/crack is amusing because i have a box
running WindosME ... sorry to say that eheheh
----- Original Message -----
From: "Thomas Michael Wanka" <tm_wanka@earthling.net>
To: <suse-security@suse.com>
Sent: Saturday, October 28, 2000 12:00 PM
Subject: RE: [suse-security] Microsoft Hacked!
> Hi,
>
> allthough it might be amusing to some, I was interrested if only MS
> shares are vulnerable or samba too? Anyone got an answer, even if
> it is just to try te be on topic?
>
> thanks
>
> mike
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
> For additional commands, e-mail: suse-security-help@suse.com
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic