Bugtraq mailing list archives

Re: Winsock 2.0 DoS

From: stevep () ee pdx edu (stevep () ee pdx edu)
Date: Thu, 12 Mar 1998 19:31:58 -0800


johnr () CSH RIT EDU said:

If a user has the newest winsock patch for winsock 2.0, which can be
located at :

http://www.microsoft.com/windows95/info/ws2.htm

and attempts to do an address lookup on a address which doesn't exist
and is 13 characters long winsock will fault. This has been
reproduced on several computers and it takes a couple of seconds of
looking up to occur. This happens with every winsock program I've
tested including Netscape 3, Ie 3.0, and MS ping. Example sites that
work are:

www.socois.cool www.pcorner.org blahd.yahoo.com

This apparently only works on names that are exactly 13 characters
long (not including periods).


This seems to be related to the Client for Microsoft Networks.  I verified the
error on one of my boxes, then removed MS client.  The machine did not crash.
Reinstall MS Client, crashed.

From tcpdump:

19:29:28.940000 ishmael.1027 > joshua.domain: 1+ (33)
19:29:28.940000 joshua.domain > ishmael.1027: 1 NXDomain* 0/1/0 (110)
19:29:28.990000 ishmael.1028 > joshua.domain: 2+ (44)
19:29:28.990000 joshua.domain > ishmael.1028: 2 0/0/0 (44)
19:29:29.220000 ishmael.netbios-ns > 10.255.255.255.netbios-ns: udp 50
19:29:29.970000 ishmael.netbios-ns > 10.255.255.255.netbios-ns: udp 50
19:29:30.730000 ishmael.netbios-ns > 10.255.255.255.netbios-ns: udp 50
19:29:31.490000 ishmael.netbios-ns > joshua.domain: 14+ (34)
19:29:31.490000 joshua.domain > ishmael.netbios-ns: 14 FormErr 0/0/0 (12)
19:29:32.990000 ishmael.netbios-ns > joshua.domain: 14+ (45)
19:29:32.990000 joshua.domain > ishmael.netbios-ns: 14 FormErr 0/0/0 (12)



--
-------------------------------------------------------------------
Steven H. Parker, CLE - Certified Linux Enthusiast
http://www.ee.pdx.edu/~stevep

"If Bill Gates had a dime for every time a Windows box crashed...
... Oh, wait a minute, he already does."
-------------------------------------------------------------------

Current thread:

Re: Midnight Commander /tmp race, (continued)
- - - Re: Midnight Commander /tmp race willy () SNOWYOWL CSU AC RU (Mar 17)
    - Re: Midnight Commander /tmp race Pavel Kankovsky (Mar 18)
    - Solaris printd security vulnerability Aleph One (Mar 11)
    - Sun Security Bulletin #00165 Aleph One (Mar 11)
    - Fwd: Sun Security Bulletin #00166 Tony Hagale (Mar 11)
    - SLMail 2.6 DoS Steven (Mar 11)
    - SLMail 2.6 DoS - Imail also Jon (Mar 11)
    - Winsock 2.0 DoS John Robinson (Mar 11)
    - Re: Winsock 2.0 DoS Henri Karrenbeld (Mar 12)
    - more testing of Winsock 2.0 DoS Velocet (Mar 12)
    - Re: Winsock 2.0 DoS stevep () ee pdx edu (Mar 12)
    - InfoSecurity News jericho () DIMENSIONAL COM (Mar 13)
    - Chase Bank joey.wheel (Mar 13)
    - Win95 Winsock 2.0 DoS Russ (Mar 13)
    - Problems with MDaemon 2.7.1 Development Team (Mar 12)
    - FreeBSD Security Advisory: FreeBSD-SA-98:01.land Aleph One (Mar 12)
    - FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap Aleph One (Mar 12)
    - SGI Security Advisory 19980301-01-PX - startmidi/stopmidi, SGI Security Coordinator (Mar 12)
    - Winsock 2.0 DoS John Robinson (Mar 12)
  - BackWeb Server v.3 (Eval) g3nR8 f00b4r (Mar 10)
  - Administrivia Aleph One (Mar 10)