VID 26016
Severity 30
Port 139
Protocol TCP
Class SMB
Detailed Description The hotfix (Q275567) for the "Incomplete TCP/IP packet" problem has not been applied.
Windows NT 4.0, Windows 95/98, and Windows Me are vulnerable to a denial-of-service attack caused by a vulnerability in the implementation of NetBIOS over TCP/IP. A remote attacker with access to the NetBIOS port (TCP 139) on the targeted computer can send specially malformed TCP/IP packets that consume CPU resources and cause the system to stop responding to client requests.

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.

* Platforms Affected:
Microsoft Windows 95, 98, ME, NT
Recommendation For Windows NT 4.0, apply the patch for this vulnerability, as listed in Microsoft Security Bulletin MS00-091 (http://www.microsoft.com/technet/security/bulletin/ms00-091.asp).
For Windows 95/98 and Windows Me, disable File and Print Sharing as listed in Microsoft Knowledge Base Article Q199346.
Related URL CVE-2000-1039 (CVE)
Related URL 2022 (SecurityFocus)
Related URL 5810 (ISS)