Microsoft Windows Computer Browser Reset Vulnerability
BID:1262
| Bugtraq ID: | 1262 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 25 2000 12:00AM |
| Updated: | May 25 2000 12:00AM |
| Credit: | Discovered by Anthony Osborne and publicized in a Network Associates COVERT Labs Advisory (COVERT-2000-05) on May 25, 2000. |
| Vulnerable: |
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows 98
Microsoft Windows 95
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Advanced Server |
| Not Vulnerable: | |
Discussion
By default, the CIFS browser protocol is publicly available and is carried on the network over UDP port 138. The protocol defines a set of browser frames, which are decoded by Network Monitor and generated by the "browstat.exe" utility. The Windows implementation provides no way to configure a browser to ignore ResetBrowser frames. Because the CIFS browser protocol is unauthenticated, the service is vulnerable to a remote shutdown of the host and user browser service, making it almost impossible for users to locate services and other computers on a network.
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploit for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Microsoft has released patches which rectify this issue:
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
- Microsoft Q262694
  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=21298

Microsoft Windows NT Workstation 4.0 (base release, SP1, SP2, SP3, SP4, SP5, SP6, SP6a)
Microsoft Windows NT Server 4.0 (base release, SP1, SP2, SP3, SP4, SP5, SP6, SP6a)
Microsoft Windows NT Enterprise Server 4.0 (base release, SP1, SP2, SP3, SP4, SP5, SP6, SP6a)
- Microsoft Q262694
  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=21397
- Microsoft Q262694 (Microsoft Windows NT 4 Alpha)
  http://www.microsoft.com/Downloads/Release.asp?ReleaseID=21397