Bugtraq mailing list archives
Re: NT4.0 SP3 Still vulnerable
From: rkuhljr () PUERIDOMUS BR (Rubens Kuhl Jr.)
Date: Thu, 15 May 1997 22:15:43 -0300
| I reported an Internet Explorer Security hole more than 2 months ago to
| Microsoft. The bug allows Websites to capture usernames and encrypted
| passwords from unsuspecting Windows NT users who have Internet Explorer.
|
| At first Microsoft told me they would Patch Internet Explorer. Then
| Internet Explorer 3.02 which was supposed to fix ALL of the security
| holes from that month. (According to MS's Web page)
|
| But IE 3.02 did not fix the security hole!
|
| Then Microsoft told me that NT 4.0 Service Pack 3 will definitely fix the
| hole.
|
| I just downloaded it. It does NOT fix the security hole!

As far as I know, IE 3.02 corrected only sending NTLM logins thru HTTP connections, and I suppose you are talking about capturing username/password hashes sent via SMB/CIFS (file://aaa.bbb.ccc.ddd). I'm still downloading SP3, but after a look at the readme it looked to me that SP3 could empower an administrator to fix such a bug by enabling the SMB signing feature; it would not fix it at installation. And with or without SP3, filtering routers blocking 135/137/138/139 ports make this exploit and similar ones limited to Intranets.

| To date, Microsoft has not fixed this and similar security holes! Maybe an
| exploit code release to BUGTRAQ is in order to help speed things up.

Hasn't one exploit code been released to SAMBA-DIGEST? It captures the password hashes, which someone could pass to l0phtcrack and similar crackers. Other exploits such as real-time password cracking haven't been released, but I'm not sure if such release would make Microsoft go faster.

| By the way, I have been conversing with CERT the last 2 months, and they
| still believe that Microsoft will fix the problem and CERT does not want
| to issue an Advisory until the bug is fixed. However CERT should at least be
| notifying administrators to warn users not to use Internet Explorer until
| this bug is fixed.

I think that's why BugTraq exists.

Rubens Kuhl Jr.