Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Winsock 2.0 DoS
From: bmcw () REDBUD MV COM (Brian S. McWilliams)
Date: Fri, 1 May 1998 22:57:29 -0400

Appears Microsoft has quietly addressed the Winsock 2.0 DoS bug.


"The Vnbt.386 file installed into the Windows\System folder had an internal
problem: any attempt at NetBIOS name resolution on a name of 15 characters
containing at least two periods (.) resulted in internal memory problems.
The name resolution could be by any method (such as a NET USE command,
double-clicking a Network Neighborhood resource, or programmatically by a
program). Enabling or disabling DNS made no difference, the problem
occurred if any of the forms listed above was passed to Vnbt.386.

This problem could cause Windows to stop responding (hang) without warning.
Note that the Vnbt.386 file is TCP/IP-specific; NetBIOS name resolution on
NetBEUI and IPX/SPX were not affected. "


At 09:24 PM 3/11/98 -0500, John Robinson wrote:
If a user has the newest winsock patch for winsock 2.0, which can be
located at :


and attempts to do an address lookup on a address which doesn't exist
and is 13 characters long winsock will fault. This has been reproduced
on several computers and it takes a couple of seconds of looking up to
occur. This happens with every winsock program I've tested including
Netscape 3, Ie 3.0, and MS ping. Example sites that work are:


This apparently only works on names that are exactly 13 characters long
(not including periods).

This is dangerous because web pages can simply redirect browswers to
these pages or put img sources equal to nonexistent address entries
which will crash winsock.


                           John Robinson
johnr () csh rit edu          jjr4693 () rit edu        robinson () foothills net
"Twenty years from now you will be more disappointed by the things you
didn't do than by the things you did do. So throw off the bowlines. Sail
away from the safe harbor. Catch the trade winds in your sails. Explore.
Dream. Discover." Mark Twain

  By Date           By Thread  

Current thread:
  • Re: Winsock 2.0 DoS Brian S. McWilliams (May 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]