Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

NetBIOS Name Service Reply Information Disclosure

Medium

Synopsis

The remote host is vulnerable to a flaw that allows attackers to disclose memory.

Description

The remote host is running a version of the NetBT name service which suffers from a memory disclosure problem. An attacker may send a special packet to the remote NetBT name service, and the reply will contain random arbitrary data from the remote host memory. This arbitrary data may be a fragment from the web page the remote user is viewing, or something more serious like a cleartext password. An attacker may use this flaw to continuously 'poll' the content of the memory of the remote host and might be able to obtain sensitive information.

Solution

Contact the vendor for a patch or disable NetBIOS over TCP if it is not required.