Re: Yet another SMB dos concept code

From: Kevin Gennuso (gooseyat_private)
Date: Thu Aug 29 2002 - 13:39:24 PDT

Next message: Muhammad Faisal Rauf Danka: "Re: Webmin Vulnerability Leads to Remote Compromise (RPC CGI)"

Previous message: Mandrake Linux Security Team: "MDKSA-2002:054 - gaim update"
Maybe in reply to: Huagang Xie: "Yet another SMB dos concept code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> I've tryed it against some Windows 2000/NT 4.0 machine and i noticed
> that disabling NetBIOS Null Session will keep you safe from this DOS.

Don't be fooled - disabling null sessions will only prevent
non-authenticated users from being able to execute the attack.  Users with
accounts on the box (or the domain, depending on your situation) will
still be able to play bouncy-bouncy with the machine.

Read the Microsoft article (MS02-045) - it details all of this info.

Also note that this exploit works on unpatched XP and .NET servers as
well.

Kevin

Next message: Muhammad Faisal Rauf Danka: "Re: Webmin Vulnerability Leads to Remote Compromise (RPC CGI)"
Previous message: Mandrake Linux Security Team: "MDKSA-2002:054 - gaim update"
Maybe in reply to: Huagang Xie: "Yet another SMB dos concept code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 29 2002 - 14:16:44 PDT