Flaw in NetBIOS Could Lead to Information Disclosure

By Thomas McGuire on September 3, 2003, 2:23 PM
Affected Software:
Microsoft Windows NT 4.0 Server, NT 4.0 - Terminal Server Edition, 2000, XP & 2003

A security issue has been identified in Microsoft Windows that could allow an attacker to see information in your computer's memory over a network. This vulnerability involves one of the NetBIOS over TCP/IP (NetBT) services, the NetBIOS Name Server (NBNS). With this service, you can find a computer's IP address by using its NetBIOS name, and vice versa.

Under certain conditions, the response to a NetBT name service query may, in addition to the usual reply, contain random data from the destination computer's memory. This data may be a piece of HTML if the user on the destination computer is using an Internet browser, or it may contain other types of data that existed in memory at the time the destination computer responded to the NetBT name service query. An attacker could seek to exploit this vulnerability by sending the destination computer a NetBT name service query and then looking carefully at the response to determine whether any random data from that computer's memory is included.
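As a defender-side illustration of the behaviour described above (an added example, not from the original article or from Microsoft), the parser below walks a captured NBNS message using the RFC 1002 layout and returns any bytes left over after the last declared record. It assumes the extra memory contents appear as trailing bytes in the UDP payload; the function names and both sample packets are constructed for this example.

```python
import struct

def _skip_name(buf, off):
    """Advance past an RFC 1002 name (length-prefixed labels or a 0xC0 pointer)."""
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        n = buf[off]
        if n & 0xC0 == 0xC0:          # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:                    # zero-length root label ends the name
            return off

def trailing_bytes(payload):
    """Return the bytes that follow the last declared record in an NBNS message."""
    if len(payload) < 12:
        raise ValueError("shorter than the NBNS header")
    _tid, _flags, qd, an, ns, ar = struct.unpack(">6H", payload[:12])
    off = 12
    for _ in range(qd):               # question entry: name + type + class
        off = _skip_name(payload, off) + 4
    for _ in range(an + ns + ar):     # record: name + type/class/ttl/rdlength + rdata
        off = _skip_name(payload, off)
        if off + 10 > len(payload):
            raise ValueError("truncated record")
        (rdlen,) = struct.unpack(">H", payload[off + 8:off + 10])
        off += 10 + rdlen
    if off > len(payload):
        raise ValueError("record overruns payload")
    return payload[off:]

def is_suspicious(payload):
    """True when non-zero bytes follow the declared records (zero padding is ignored)."""
    return any(trailing_bytes(payload))

# Constructed sample: node status reply for the wildcard name with one name entry.
_NAME = b"\x20" + b"CK" + b"A" * 30 + b"\x00"
_RDATA = b"\x01" + b"WORKSTATION1   \x00" + b"\x04\x00" + bytes(46)
CLEAN = (struct.pack(">6H", 0x1234, 0x8400, 0, 1, 0, 0) + _NAME
         + struct.pack(">HHIH", 0x21, 1, 0, len(_RDATA)) + _RDATA)
PADDED = CLEAN + b"<html><body>"      # constructed trailing data after the reply
```

Run over replies captured from your own hosts, a non-empty result from `trailing_bytes` on an unpatched system is the condition the advisory describes.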

Patch Availability



