| VID |
28012 |
| Severity |
30 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A vulnerability exists in the password verification scheme utilized by Microsoft Windows 9x/Me SMB protocol implementation. This vulnerability will allow any user to access the Windows 9x file shared service with password protection. Potential attackers don't have to know the share password.
This plugin attempts to access remote shares using a 1-byte password.
* Platforms Affected :
Microsoft Windows 95, 98, ME
* References:
http://www.microsoft.com/technet/security/bulletin/ms00-072.asp
http://www.iss.net/security_center/static/5395.php |
| Recommendation |
1. If do not need, remove the shares.
2. Go to the following site, and download and install a patch.
Windos ME:
Microsoft patch 273991USAM
http://download.microsoft.com/download/winme/Update/11958/WinMe/EN-US/273991USAM.EXE
Windows 98se:
Microsoft patch 273991USA8
http://download.microsoft.com/download/win98SE/Update/11958/W98/EN-US/273991USA8.EXE
Windows 98:
Microsoft patch 273991USA8
http://download.microsoft.com/download/win98SE/Update/11958/W98/EN-US/273991USA8.EXE
Windows 95:
The patches are not available. The only way is not to make shares anymore. |
| Related URL |
CVE-2000-0979 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
