|
Family: Windows : Microsoft Bulletins --> Category: infos
NetBIOS Name Service Reply Information Leakage (824105) (registry check) Vulnerability Scan
Vulnerability Scan Summary Checks the remote registry for MS03-034
Detailed Explanation for this Vulnerability Test
Synopsis :
Random portions of memory may be disclosed thru the NetBIOS name service.
Description :
The remote host is running a version of the NetBT name
service which suffers from a memory disclosure problem.
A possible hacker may send a special packet to the remote NetBT name
service, and the reply will contain random arbitrary data from
the remote host memory. This arbitrary data may be a fragment from
the web page the remote user is viewing, or something more serious
like a POP password or anything else.
A possible hacker may use this flaw to continuously 'poll' the content
of the memory of the remote host and might be able to obtain sensitive
information.
Solution :
Microsoft has released a set of patches for Windows NT, 2000, XP ans 2003 :
http://www.microsoft.com/technet/security/bulletin/ms03-034.mspx
Threat Level:
High / CVSS Base Score : 8
(AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|