                             [01.gif] [02.gif]
                                      
                                      
                                  [t5.jpg]
                    NSFOCUS Security Advisory(SA2000-05)
         Topic： Microsoft Windows 9x NETBIOS password verification
                               vulnerability
                       Release Date： August 24, 2000
                             Affected System：
                              ================
                           - Microsoft Windows 95
                           - Microsoft Windows 98
                   - Microsoft Windows 98 Second Edition
                           Non-affected System：
                            ====================
                              - Windows NT 4.0
                               - Windows 2000
                                  Impact:
                                 ==========
   A vulnerability exists in the password verification scheme utilized by
         Microsoft Windows 9x NETBIOS protocol implementation. This
   vulnerability will allow any user to access the Windows 9x file shared
     service with password protection. Attacker don't have to know the
                              share password.
                               Description：
                               =============
    You can set password to protect Microsoft Windows 9x system's shared
     resources. But a vulnerability exists in the password verification
          scheme utilized by Microsoft Windows 9x NETBIOS protocol
     implementation. To verify the password, the length of the password
   depends on the length of the data sent from client to server. That is,
      if a client set the length of password to be 1 byte and send the
   packet to server, the server will only compare it with the first byte
     of the shared password, and if consistent, verification process is
   done. All an attacker need to do is to guess and try the first byte of
                          password in the victim .
    Windows 9x remote management system is also affected cause it adopts
              the same shared password authentication method.
                                Workaround：
                                 =========
                    Close Microsoft file shared service.
                        Microsoft has been informed.
                                 DISCLAIMS:
                                 ==========
      THE INFORMATION PROVIDED IS RELEASED BY NSFOCUS "AS IS" WITHOUT
   WARRANTY OF ANY KIND. NSFOCUS DISCLAIMS ALL WARRANTIES, EITHER EXPRESS
      OR IMPLIED, EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO
     EVENTSHALL NSFOCUS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING
    DIRECT, INDIRECT, INCIDENTAL,CONSEQUENTIAL, LOSS OF BUSINESS PROFITS
        OR SPECIAL DAMAGES, EVEN IF NSFOCUS HAS BEEN ADVISED OF THE
      POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION OR REPRODUTION OF THE
   INFORMATION IS PROVIDED THAT THE ADVISORY IS NOT MODIFIED IN ANY WAY.
      〤oypright 1999-2000 NSFOCUS. All Rights Reserved. Terms of use.
                NSFOCUS Security Team <security@nsfocus.com>
                   NSFOCUS INFORMATION TECHNOLOGY CO.,LTD
                          (http://www.nsfocus.com)
                                      
     〤opyright 2000 NSFOCUS Information Technology Co.,Ltd. All Rights
                                 Reserved.
                       Contact:webmaster@nsfocus.com