NetBios\udp datagram

Discussion in 'other security issues & news' started by snowy, Aug 7, 2002.

Thread Status:
Not open for further replies.
  1. snowy

    snowy Guest

    ***wasn't sure where this should be posted***


    Although this alert is nearly two years old, rarely if ever is it mentioned. So for the sake of it:

    http://www.pgp.com/research/covert/advisories/045.asp
     
  2. snowy

    snowy Guest

    Windows NetBIOS Unsolicited Cache Corruption

    Network Associates, Inc.
    COVERT Labs Security Advisory
    August 29, 2000

    * Synopsis

    The Microsoft Windows implementation of the NetBIOS cache allows a remote attacker to insert and flush dynamic cache entries as well as overwrite static entries through unsolicited unicast or broadcast UDP datagrams. As a result, remote attackers either on the local subnet or across the Internet may subvert the NetBIOS Name to IP address resolution process by redirecting any NetBIOS Name to any arbitrary IP address under the control of the attacker.

    Note: According to Microsoft, there will not be a patch released for this vulnerability. The resolution section of this advisory lists several options for end users to minimize its impact.

    RISK FACTOR: HIGH


    * Vulnerable Systems

    All versions of Microsoft Windows 95, 98, NT and 2000 are susceptible to cache corruption
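
Seen from the defender's side, the unsolicited datagrams in the synopsis above can be spotted on the wire. The following is an added example, not part of the advisory or of any post in this thread: a passive detector that flags name service responses answering no request the receiving host sent. It assumes the RFC 1002 name service header on UDP port 137 (the excerpt names neither the port nor the message type), checks responses only, and runs on constructed sample headers; all function and class names are hypothetical.

```python
import struct
from collections import namedtuple

NBNS_PORT = 137  # NetBIOS Name Service over UDP (RFC 1002); feed only this traffic
Header = namedtuple("Header", "txid is_response opcode rcode ancount")

def parse_header(payload):
    """Parse the fixed 12-byte name service header; ValueError if truncated."""
    if len(payload) < 12:
        raise ValueError("truncated NBNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", payload[:12])
    # flags layout: R(1 bit) OPCODE(4) NM_FLAGS(7) RCODE(4)
    return Header(txid, bool(flags & 0x8000), (flags >> 11) & 0xF, flags & 0xF, an)

class UnsolicitedResponseDetector:
    """Alerts on responses whose transaction ID matches no recent request
    sent by the host the response is addressed to."""
    def __init__(self, timeout=5.0):
        self.timeout = timeout
        self.pending = {}  # (requester_ip, txid) -> time the request was seen

    def observe(self, ts, src, dst, payload):
        """Feed one UDP/137 datagram; return an alert string or None."""
        try:
            h = parse_header(payload)
        except ValueError:
            return f"{ts:.1f} malformed NBNS datagram {src} -> {dst}"
        # Drop requests that are too old to be answered legitimately.
        self.pending = {k: t for k, t in self.pending.items()
                        if ts - t <= self.timeout}
        if not h.is_response:
            self.pending[(src, h.txid)] = ts
            return None
        if (dst, h.txid) in self.pending:
            return None  # solicited: dst asked with this transaction ID
        return (f"{ts:.1f} unsolicited NBNS response {src} -> {dst} "
                f"txid=0x{h.txid:04x} opcode={h.opcode} answers={h.ancount}")

def sample_header(txid, flags, qd=0, an=0):
    """Constructed header only; the name and record body is left out."""
    return struct.pack("!6H", txid, flags, qd, an, 0, 0)

SAMPLE = [  # constructed (time, src, dst, payload) tuples, RFC 5737 addresses
    (0.0, "192.0.2.10", "192.0.2.255", sample_header(0x1A2B, 0x0110, qd=1)),
    (0.1, "192.0.2.20", "192.0.2.10", sample_header(0x1A2B, 0x8500, an=1)),
    (9.0, "198.51.100.7", "192.0.2.10", sample_header(0x4444, 0x8500, an=1)),
]

def run(sample=SAMPLE):
    det = UnsolicitedResponseDetector()
    return [a for a in (det.observe(*pkt) for pkt in sample) if a]
```

A response sent to a broadcast address never matches a pending request, so it is reported as well.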
     
  3. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    Hi snowman! I have a question. What if you have programs which regularly delete the cache? Would that help? (I'll check around too.)

    Also, Steve Gibson has a technique for fixing your Network Connections so they are not all connected. I recall that NetBios disconnections were featured? Maybe we can check on this. I applied the technique but it was a long time ago.
     
  4. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    I have always blocked 135-139 and 445, UDP and TCP, with my firewall. I also have NetBios over TCP uninstalled on my machine with no ill effects, and I have a LAN with AnalogX Proxy for ICS.
    You just need to be careful in uninstalling NetBios or you will lose your ability to surf. Gibson has directions and there are other sites too.
    I am not familiar with the "NetBios Cache", but I don't think it's going to bother me.
    Never hurts to post old stuff that still is perfectly relevant, Snowy. A lot of good info gets lost in time, much to my dismay. My memory fails me more each day. :(
     
  5. snowy

    snowy Guest

    Root

    What's a memory...I forgot?

    As you no doubt noticed, M$ never\won't issue a patch....so ole news remains new news in this case.
    My health is still very far from good...some improvements, yes...but not venturing far these days.....but as soon as possible I want to check into Linux as a dual boot.....there is a season for all things....Windows had its time....it even served a purpose.....and now 'tis the season for change.
    Eventually M$ will turn Windows into one larger browser...one big spy-eye..........no thanks.

    snowman
     