cve-1999-1593

Scott Lovenberg scott.lovenberg at gmail.com
Wed Aug 26 00:08:30 UTC 2015


On Tue, Aug 25, 2015 at 6:42 PM, Jeremy Allison <jra at samba.org> wrote:
>
> On Sat, Aug 01, 2015 at 02:56:46PM +0530, VigneshDhanraj G wrote:
> > HI,
> >
> > Is there any fix available for this vulnerability Wins Domain Controller
> > Spoofing Vulnerability.
> >
> > please team help me regarding this vulnerability.
>
> As far as I can tell this is just an inherent issue
> with the way WINS works - no authentication is needed
> to register a name.
>

To be fair, WINS doesn't scale far enough that you have to worry about
external attacks. :D

On a serious note, I actually have heard a tale from our CTO of a
company he used to work at in the 90s that had multiple sites with
somewhere in the neighborhood of 10,000 nodes each (IIRC) running WINS
between them.  The network had... "issues" as he described it.

-- 
Peace and Blessings,
-Scott.



More information about the samba-technical mailing list