Microsoft NetBIOS security hole.

Tim Braun tim at
Fri Sep 15 15:57:08 GMT 2000

> This article:
> talks about, as nearly as I can tell, the NetBIOS/CIFS equivalent
> of DNS poisoning. There's no mention of Samba in the article, and
> I was wondering if you'd heard anything about this from the
> Samba ML.

Has anybody looked at this issue?  It does affect NetBIOS over TCP/IP.
It looks to me (in source/nmbd/nmbd_packets.c, process_browse_packet())
that we don't handle anything called "Request Browse Frame", and hence
would be immune to this attack.   But since I don't know what a 
"Browse Frame Request" is (and the RFC 1002 doesn't mention such
a thing by that moniker), I'm not sure.

Tim Braun                          | Voice: 204-478-8028
Symbol Technologies                | FAX:   204-942-3001
1000 Waverley Ave                  | Email: tim at
Winnipeg, Manitoba, Canada R3T 0P3 |

More information about the samba mailing list