Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: RE: Microsoft Security Update

RE: Microsoft Security Update

From: Luke Smith <luke_at_smith.name>
Date: Fri, 5 Sep 2003 08:53:48 +1000

>MS03-034 (NetBIOS information disclosure) gets a rating of Low, even
though
>Blaster showed us just how many Windows installations run with all
ports
>accessible.

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulleti
n/MS03-034.asp

"Under certain conditions, the response to a NetBT Name Service query
may, in addition to the typical reply, contain random data from the
target system's memory. This data could, for example, be a segment of
HTML if the user on the target system was using an Internet browser, or
it could contain other types of data that exist in memory at the time
that the target system responds to the NetBT Name Service query."

It's not something you could directly own the box with, unlike RPC vuln
that Blaster uses; it merely exposes some trivia, thus the "low" rating.

Cheers,

Luke Smith

________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
Received on Sep 05 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]