> This article:
>
> http://www.pgp.com/research/covert/advisories/045.asp
>
> talks about, as nearly as I can tell, the NetBIOS/CIFS equivalent
> of DNS poisoning. There's no mention of Samba in the article, and
> I was wondering if you'd heard anything about this from the
> Samba ML.
Has anybody looked at this issue? It does affect NetBIOS over TCP/IP.
It looks to me (in source/nmbd/nmbd_packets.c, process_browse_packet())
that we don't handle anything called "Request Browse Frame", and
hence
would be immune to this attack. But since I don't know what a
"Browse Frame Request" is (and the RFC 1002 doesn't mention such
a thing by that moniker), I'm not sure.
--
Tim Braun | Voice: 204-478-8028
Symbol Technologies | FAX: 204-942-3001
1000 Waverley Ave | Email: tim@AirWire.com
Winnipeg, Manitoba, Canada R3T 0P3 |