Bugtraq mailing list archives

Re: [COVERT-2000-05] Microsoft Windows Computer Browser Reset Vulnerability

From: vlad () SANDY RU (Vladimir Dubrovin)
Date: Fri, 26 May 2000 21:00:52 +0400


Hello COVERT Labs,

Browser  protocol  is insecure by design. As an example, evil host can
send  election  packet  with high election criteria to become a Master
Browser   and  distribute  empty (or spoofed) browsing list. It's also
possible to feed spoofed list to Domain's Master.

In  case  evil  host  is in another physical network - sending spoofed
election  packet  once  in  10 seconds will make effective DoS against
browser service.

There  is a lot of the ways to use browser as traffic amplifier - such
as  sending  spoofed browser list requests to domain's master, sending
spoofed  master browser's request to promote all potential browsers to
backup browsers, etc.

The  best  and only way to protect you network in this cases is packet
filtering.

C> The Microsoft Windows implementation of the Browser Protocol contains
C> an undocumented feature that provides for the remote shutdown of the
C> Computer Browser Service on a single computer or multiple computers.

/3APA3A
http://www.security.nnov.ru

Current thread:

[COVERT-2000-05] Microsoft Windows Computer Browser Reset Vulnerability COVERT Labs (May 25)
- new vulnerability in Netscape effectively disables SSL server auth Kevin Fu (May 26)
- Microsoft Security Bulletin (MS00-036) Microsoft Product Security (May 26)
  - Re: Microsoft Security Bulletin (MS00-036) Matt (May 26)
  - [TL-Security-Announce] gpm TLSA2000011-1 Katherine M. Moussouris (May 26)
  - Revision 2: Analysis of jolt2.c (MS00-029) Mikael Olsson (May 27)
- Re: [COVERT-2000-05] Microsoft Windows Computer Browser Reset Vulnerability Vladimir Dubrovin (May 26)