56 matches found
Symantec Norton Firewall NBNS response Remote Heap Corruption (CVE-2004-0444)
When Symantec firewalls allow incoming UDP datagrams to port 137, any inbound UDP datagrams with a source port of 137 will be treated as NetBIOS Name Service messages and will be validated and parsed. The Symantec firewall product line is vulnerable to a remote heap corruption attack in the...
BrightStor ARCserve Message Engine opnum 0x10d buffer overflow
Added: 10/18/2007 CVE: CVE-2007-5327 BID: 26015 OSVDB: 41369 Background CA ARCserve Bac kup formerly BrightStor ARCserve Backup is a backup and recovery solution. It runs a Message Engine RPC service on port 6504/TCP by default. Problem A buffer overflow in BrightStor ARCserve Backup allows remot...
LocalWeb2000 <= 2.1.0 Multiple Vulnerabilities
LocalWeb2000 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2002 Jason Lidow Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-065-1 : samba - remote file append/creation
Michal Zalewski discovered that Samba does not properly validate NetBIOS names from remote machines. By itself that is not a problem, except if Samba is configured to write log-files to a file that includes the NetBIOS name of the remote side by using the %m' macro in the log file' command. In th...
Multiple Samba bugs
DoS against NetBIOS name service nmbd, endless loop in SMBD...
Multiple Symantec firewall products contain a heap corruption vulnerability in the handling of NBNS response packets
Overview There is a heap corruption vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted NetBIOS Name Service NBNS response packet could allow an unauthenticated, remote attacker to execute arbitrary code with kernel privileges. Description Symante...
CVE-2001-1162
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file...
FreeBSD-SA-01:45.samba
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:45 Security Advisory FreeBSD, Inc. Topic: samba Category: ports Module: samba Announced: 2001-07-10 Credits: Michal Zalewski Affects: Ports collection prior to the...
Проблема с лог-файлом в Samba (directory traversal)
При использовании лог-файлов с именами соответствующими NETBIOS-именам компьютером, если имся компьютера содержит ../ - будет перезаписан файл в директории более высокого уровня. NETBIOS-имя может содержать до 15 символов...
CVE-2000-0673
The NetBIOS Name Server NBNS protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability...
Microsoft Windows NT 4.02000 - NetBIOS Name Conflict
Microsoft Windows NT 4.02000 - NetBIOS Name Conflict source: https://www.securityfocus.com/bid/1514/info An attacker can send the NetBIOS name service a NetBIOS Name Conflict message even when the receiving machine is not in the process of registering its NetBIOS name. The target will then not...
Microsoft Windows NT 4.0/2000 - NetBIOS Name Conflict
source: https://www.securityfocus.com/bid/1514/info An attacker can send the NetBIOS name service a NetBIOS Name Conflict message even when the receiving machine is not in the process of registering its NetBIOS name. The target will then not attempt to use that name in any future netwrok connecti...
[COVERT-2000-09] Windows NetBIOS Name Conflicts
Microsoft Security Bulletin MS00-047 - -------------------------------------- Patch Available for "NetBIOS Name Server Protocol Spoofing" Vulnerability Originally Posted: July 27, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in a protocol implemente...
CVE-2000-0673
The NetBIOS Name Server NBNS protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability...
CVE-1999-0288
The CVE-1999-0288 issue affects the WINS server in Microsoft Windows NT 4.0 prior to SP4, where remote attackers can terminate the WINS process by sending invalid UDP frames to NETBIOS Name Service port 137. Exploitation is described as a flood of random UDP packets causing a denial of service. T...
CVE-1999-0288
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service process termination via invalid UDP frames to port 137 NETBIOS Name Service, as demonstrated via a flood of random packets...