Re: Fix for SMB DOS attack posted

Paul Leach (paulle@MICROSOFT.COM)
Fri, 13 Feb 1998 19:31:12 -0800

A bug Oliver privately reported (with more information and a repro program)
was one of the ones fixed by the patch; it also fixed another one that I
don't believe was reported (but since I was wrong about his...). I didn't
realize he had posted a report about it to BUGTRAQ. I didn't want to mention
his name without his permission. I'll gladly credit the other guy too, if he
says its OK (I've sent mail).

In any case, what I was really thinking and could have said better was that
there was no publically released exploit.

People worried about NT DOS attacks should also look at the LSA-FIX from
last June. It fixed the problems mentioned by Paul Ashton in the archived
message.

> ----------
> From: Aleph One[SMTP:aleph1@dfw.dfw.net]
> Sent: Friday, February 13, 1998 6:41 PM
> To: Paul Leach
> Cc: BUGTRAQ@NETSPACE.ORG
> Subject: Re: Fix for SMB DOS attack posted
>
> On Fri, 13 Feb 1998, Paul Leach wrote:
>
> > A hot-fix for a DOS attack on NT file servers that had not been
> previously
> > publically known has been posted. The following is the KB article on the
> > fix.
> >
> > DOCUMENT: Q180963
> > TITLE :Denial of Service Attack Causes Windows NT Systems to Reboot
> > PRODUCT :Microsoft Windows NT
> > PROD/VER:4.00
> > OPER/SYS:WINDOWS
> > KEYWORDS:kbbug4.00 kbfix4.00 NTSrv ntstop
>
> Well it would seem some folks have found the problem (or something
> similar) before as Oliver Friedrichs from Secure Networks hinted at back
> in October on the NTBugTraq mailing list.
>
> http://listserv.ntbugtraq.com/SCRIPTS/WA-NTBT.EXE?A2=ind9710&L=ntbugtraq&m
> =791&P=4201
>
> Maybe the secnet folks would like to discuss some of their findings.
>
> Aleph One / aleph1@dfw.net
> http://underground.org/
> KeyID 1024/948FD6B5
> Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
>
>