Microsoft WINS Domain Controller Spoofing Vulnerability
BID:2221
Info
| Bugtraq ID: | 2221 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 17 2001 12:00AM |
| Updated: | Oct 12 2007 09:38PM |
| Credit: | Discovered and posted to Bugtraq by David Byrne <[email protected]> on Jan 17, 2001 |
| Vulnerable: |
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT 4.0
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server |
| Not Vulnerable: | |
Discussion
Windows Internet Naming Service (WINS) ships with Microsoft Windows NT Server. WINS resolves network computer names to IP addresses in a client-to-server environment. A distributed database is updated with an IP address for every machine available on the network.
Unfortunately, WINS fails to properly verify the registration of domain controllers. A user can modify the entries for a domain controller, causing the WINS service to redirect requests for the DC to another system. This can lead to a loss of network functionality for the domain. The DC impersonator can also be set up to capture usernames and password hashes passed to it during login attempts.
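Because WINS itself does not verify these registrations, a defender can audit the database from outside. The following is an added example, not part of the original advisory: it flags domain-controller name records that resolve to addresses outside an approved list. The CSV layout, names and addresses are constructed for illustration, and the 1B/1C NetBIOS name suffixes for domain controller records are standard values that the advisory does not itself mention.

```python
"""Audit WINS name records for domain-controller entries that point at unexpected hosts."""
import csv
import io
import ipaddress

# NetBIOS 16th-byte suffixes used for domain controller names:
# 0x1B = domain master browser (the PDC), 0x1C = domain controllers group.
DC_SUFFIXES = {0x1B, 0x1C}

# Constructed sample export: name, suffix (hex), registered address.
# This column layout is an assumption, not a real WINS dump format.
SAMPLE_EXPORT = """name,suffix,address
CORP,1B,10.0.0.10
CORP,1C,10.0.0.10
CORP,1C,10.0.0.11
CORP,1C,10.0.5.77
FILESRV01,20,10.0.5.77
WKSTN042,00,10.0.5.77
"""


def audit_dc_records(export_text, known_dcs):
    """Return (name, suffix, address, host_names) for each DC-type record
    whose address is not an approved DC for that domain name."""
    approved = {d.upper(): {ipaddress.ip_address(a) for a in addrs}
                for d, addrs in known_dcs.items()}
    rows = list(csv.DictReader(io.StringIO(export_text)))
    # Host names registered from each address, to help identify a flagged machine.
    hosts = {}
    for r in rows:
        if int(r["suffix"], 16) not in DC_SUFFIXES:
            hosts.setdefault(r["address"].strip(), set()).add(r["name"].strip().upper())
    findings = []
    for r in rows:
        suffix = int(r["suffix"], 16)
        if suffix not in DC_SUFFIXES:
            continue
        name, raw = r["name"].strip().upper(), r["address"].strip()
        try:
            ok = ipaddress.ip_address(raw) in approved.get(name, set())
        except ValueError:
            ok = False  # a malformed address is also worth reviewing
        if not ok:
            findings.append((name, suffix, raw, sorted(hosts.get(raw, ()))))
    return findings


if __name__ == "__main__":
    for name, suffix, addr, names in audit_dc_records(
            SAMPLE_EXPORT, {"CORP": ["10.0.0.10", "10.0.0.11"]}):
        print(f"unexpected DC record: {name}<{suffix:02X}> -> {addr} (also: {names})")
```

Running a check like this on a schedule against each WINS replica turns an unverified registration into an alert rather than a silent redirect.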
Exploit / POC
The following exploit has been provided:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].