Microsoft Windows NT WINS服务器服务拒绝漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105470 漏洞类型 未知
发布时间 1999-06-04 更新时间 2006-11-16
CVE编号 CVE-1999-0288 CNNVD-ID CNNVD-199808-003
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/19238
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199808-003
|漏洞详情
SP4之前的MicrosoftWindowsNT4.0版本中的WINS服务器存在漏洞。远程攻击者借助到端口137(NETBIOSNameService)的无效UDP框架导致服务拒绝(进程终止),如同借助一大批随机数据包被证明一样。
|漏洞EXP
source: http://www.securityfocus.com/bid/298/info

NT Workstations and Servers must have unique hostnames if they reside on the same network. Should an NT host attempt to use an existing hostname, the second server (with the new duplicate name) will fail to start its workstation and server services. (Once the name has been changed to a unique value and has been rebooted, the host will operate normally).

Should an NT host claim the hostname of a "victim" NT host while that host is turned off, the "victim" host will be subject to a Denial of Service-like attack because the workstation and server services will fail to start. NT hosts are usually prevented from taking duplicate names within one domain they must register their existence with an NT Domain Controller when initially joining the domain. (This registration process must be performed by someone with administrator privileges.)

A situation has been noted wherein a Win95 host may register the victim hostname (with a WINS server) by setting the Win95 workgroup name equal to the victim's hostname. The next time the victim host is rebooted, it will fail to start the workstation and server services as the WINS server will report that the hostname is claimed by the Win95 host. 

Set the Win95 workgroup name equal to the hostname for the victim NT host. If the WINS server registers this hostname, and the victim NT host is rebooted, it will fail to start its workstation and server services.
|参考资料

来源:XF
名称:nt-winsupd-fix(1233)
链接:http://xforce.iss.net/xforce/xfdb/1233
来源:safenetworks.com
链接:http://safenetworks.com/Windows/wins.html