Bugtraq mailing list archives
OOB NUKE on Win 3.11 with Win32s too !! (Re: WINNUKE)
From: t.r.vonck () STUDENT UTWENTE NL (Tjerk Vonck)
Date: Mon, 12 May 1997 22:29:27 +0200
[sorry for the massive to: 's ..I didnt know the proper addresses and I think this should be known to the world] (* Problem on Win 3.11 described and fix provided *) At 15:14 12-5-1997 -0400, people wrote:
It is possible to remotely cause denial of service to any windows 95/NT user. It is done by sending OOB [Out Of Band] data to an established connection you have with a windows user. NetBIOS [139] seems to be the most effective since this is a part of windows. Apparently windows doesn't know how to handle OOB, so it panics and crazy things happen. I have heard reports of everything from windows dropping carrier to the entire screen turning white. Windows also sometimes has trouble handling anything on a network at all after an attack like this. A reboot fixes whatever damage this causes. Code follows.
All reports speak of Windows95 and winNT but Win3.11 with Win32s is affected too !! I was on Win3.11 instead of Win95 to escape this bug today but got crashed on the fly by others. I get dropped back into the DOS prompt as soon as people do the OOB trick on me. This is easily and always reproducable. (Aint IRC a funny shooting range) My system : Win 3.11 Win32s MS TCP/IP32 (the 32 bit TCP stack Microsoft made for win 3.11) I'm on a LAN; a direct Internet connection. No modem or other interfaces or stacks are involved. I only have this TCP/IP stack installed. No Netbeui protocols or anything else. --------- FIX (provided by Sully) --------------------- I found this fix similar to one of the Windows 95 Fixes. It sems to work properly. 1. Leave windows 3.11 2.In DOS go to the c:\windows\system directory 3.Find the file named vnbt.386 4.Rename the file to vnbt.bak 5.Reboot your PC and start Windows 3.11 This will disable file sharing and probably other Win3.11 funtionality but doesnt -really- harm your system. It -will- result in an error on startup of win3.11 but this can simply be ignored pending a more permanent fix Microsoft should provide. In the event that problems are experienced or when you really need filesharing, simply rename the file vnbt.bak back to vnbt.386 ----------------------------------- It is not only Windows95/NT; are you aware of this ? Is MS aware of this ? Please investigate this and/or add this to your reports ?! Tjerk Vonck.
Current thread:
- OOB NUKE on Win 3.11 with Win32s too !! (Re: WINNUKE) Tjerk Vonck (May 12)