All Access NetBIOS share found

Vulnerability Description

Brief description: Any user that can log into a Windows 95 machine can access any share.

Full description: A user logged onto a Windows 95 machine effectively has Administrator or root access to the whole machine. This includes any NetBIOS shares that other users may have configured.

Components: NetBIOS shares; trusted.

Systems: Windows 95/98.

Effect(s) of exploiting: The user can access any file that the system can share.

Detecting the hole:

1. If Windows 95 is installed and any NetBIOS shares exist, the vulnerability is present.

Fixing the hole:

1. Remove the share.
2. Enable some form of access control for the share.

Other information:

Keywords

NetBIOS share access control

Cataloguing

PA Classification(s):

RISOS Classification(s):

DCS Classification(s):

CVE Number: CAN-1999-0520 -- A system-critical NETBIOS/SMB share has inappropriate access control.

Exploit Information

Attack: Log on and access the share.

Related Information

Advisories:

Related Vulnerabilities:

Reportage

Reporting: in ( )

Revision Number 1

1. Eric Haugh (6/29/2000):
   Initial entry.