Microsoft Windows 9x / NT 4.0 ARP Spoofing Vulnerability
BID:1406
Info
Microsoft Windows 9x / NT 4.0 ARP Spoofing Vulnerability
| Bugtraq ID: | 1406 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2000-0612 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 29 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | Posted to Bugtraq on June 29, 2000 by Paul Starzetz <[email protected]>. Additional information provided by Wojciech Woch <[email protected]>. |
| Vulnerable: |
Microsoft Windows NT 4.0 Microsoft Windows 98 Microsoft Windows 95 |
| Not Vulnerable: | |
Discussion
Microsoft Windows 9x / NT 4.0 ARP Spoofing Vulnerability
Windows 9x and NT 4.0 do not properly handle spoofed ARP packets sent out on a network. Windows will update the ARP table with static entries based on information from other hosts. Existing static entries can be remotely overwritten in this manner. In this way, an attacker could reroute traffic intended for specific hosts to any other machine on the same subnet as the target.
Windows 9x and NT 4.0 do not properly handle spoofed ARP packets sent out on a network. Windows will update the ARP table with static entries based on information from other hosts. Existing static entries can be remotely overwritten in this manner. In this way, an attacker could reroute traffic intended for specific hosts to any other machine on the same subnet as the target.
Exploit / POC
Microsoft Windows 9x / NT 4.0 ARP Spoofing Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft Windows 9x / NT 4.0 ARP Spoofing Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Microsoft Windows 9x / NT 4.0 ARP Spoofing Vulnerability
References:
References: