Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1593

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-1999-1593
Last Modified 15 Jan 2009 12:00:00
Published 14 Jan 2009 08:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-1999-1593

Summary

Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.

Vulnerable Systems

Operating System

  • Microsoft Windows 286

  • Microsoft Windows 386

  • Microsoft Windows 95

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows 9x

  • Microsoft Windows Nt

  • Microsoft Windows Nt 3.0.1

  • Microsoft Windows Nt 3.1

  • Microsoft Windows Nt 3.5

  • Microsoft Windows Nt 3.5.1

  • Microsoft Windows Nt 4.0


References

MISC - https://www2.sans.org/reading_room/whitepapers/win2k/185.php

BID - 2221

BUGTRAQ - 20010119 Re: Invalid WINS entries

BUGTRAQ - 20010118 Re: Invalid WINS entries

BUGTRAQ - 20010117 Re: Invalid WINS entries

BUGTRAQ - 20010117 Invalid WINS entries

NTBUGTRAQ - 19990302 NT Domain DoS and Security Exploit with SAMBA Server


Last Updated: 27 May 2016 11:03:46