MS03-034: NetBIOS Name Service Reply Information Leakage (824105) (credentialed check)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

Random portions of memory may be disclosed thru the NetBIOS name

Description :

The remote host is running a version of the NetBT name service that
suffers from a memory disclosure problem.

An attacker could send a special packet to the remote NetBT name
service, and the reply will contain random arbitrary data from the
remote host memory. This arbitrary data may be a fragment from the web
page the remote user is viewing, or something more serious like a POP
password or anything else.

An attacker may use this flaw to continuously 'poll' the content of the
memory of the remote host and might be able to obtain sensitive

See also :

Solution :

Microsoft has released a set of patches for Windows NT, 2000, XP and

Risk factor :

Low / CVSS Base Score : 3.3
CVSS Temporal Score : 2.4
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 16299 ()

Bugtraq ID: 8532

CVE ID: CVE-2003-0661