ISS X-Force Database: win-oob(173): Out of Band (OOB) data denial of service

Out of Band (OOB) data denial of service

win-oob (173)

Medium Risk

Description:

By sending out-of-band data to port 139, an attacker can cause a Windows system to lose network capability and possibly crash.

Platforms Affected:

Apple, Mac OS
Cisco, IOS
Compaq, Tru64
Data General, DG/UX
HP, HP-UX
IBM, AIX
IBM, OS2
Linux, Kernel
Microsoft, Windows 95
Microsoft, Windows 98
Microsoft, Windows 98SE
Microsoft, Windows NT 4.0
Novell, NetWare
SCO, SCO OpenServer 5.0
SCO, SCO Unix
SGI, IRIX
Sun, Solaris
WindRiver, BSDOS

Remedy:

Apply the latest Windows NT Service Pack (SP4 or higher), available from the Microsoft Product Support Services Web site. See References.

— OR —

As an alternative, Windows NT 4.0 Service Pack 3 (SP3) users who choose not to upgrade to SP4 or higher should apply the post-SP3 teardrop2-fix as listed in Microsoft Knowledge Base Article Q179129. See References. (The teardrop2 patch supersedes the OOB patch. Do not apply the oob-fix unless there is a specific reason to do so in your environment.)

For SCO OpenServer 5.0:
Apply System Security Enhancement patch SSE010, as listed in SCO Security Bulletin 98:01. See References.

Consequences:

Denial of Service

References:

CIAC Information Bulletin H-57, Windows NT/95 Out of Band Data Exploit at http://ciac.llnl.gov/ciac/bulletins/h-57.shtml.
Microsoft Knowledge Base Article 168747, Update to Windows 95 TCP/IP to Address Out-of-Band Issue at http://support.microsoft.com/default.aspx?scid=kb;[LN];168747.
Microsoft Knowledge Base Article 179129, STOP 0x0000000A or 0x00000019 Due to Modified Teardrop Attack at http://support.microsoft.com/default.aspx?scid=kb;[LN];179129.
Microsoft Product Support Services, Windows NT Service Packs at http://www.microsoft.com/ntserver/downloads.
BID-2010: Multiple Vendor "Out Of Band" Data Denial Of Service Vulnerability
CVE-1999-0153: Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.
OSVDB ID: 1666: Multiple Vendor Out Of Band Data DoS (WinNuke)

Reported:

May 14, 1997

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page