Reported September 3, 2003,
by Microsoft.
VERSIONS
AFFECTED
Windows Server 2003
Windows XP
Windows 2000
Windows NT Server 4.0
Windows NT Server 4.0,
Terminal Server Edition (WTS)
DESCRIPTION
A vulnerability in
Microsoft NetBIOS can result in information disclosure. This vulnerability stems
from a flaw in the NetBIOS Name Service (NBNS). An attacker can exploit this
vulnerability by sending a NetBT Name Service query to the target system, then
examining the response to see if it includes random data from that system's
memory.
VENDOR
RESPONSE
Microsoft has released Security Bulletin
MS03-034, "Flaw in NetBIOS Could Lead to Information Disclosure (824105),"
to address this vulnerability and recommends that affected users apply the
appropriate patch mentioned in the bulletin.
CREDIT
Discovered by Mike Price
of
Foundstone Labs.
Information Disclosure Vulnerability In Microsoft NetBIOS
0 comments
Hide comments