[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Patch Available for "Malformed IPX NMPI Packet" Vulnerability

Title: Patch Available for "Malformed IPX NMPI Packet" Vulnerability
Released by: MS
Date: 11th October 2000
Printable version: Click here
-----BEGIN PGP SIGNED MESSAGE-----



Microsoft Security Bulletin (MS00-073)

- --------------------------------------



Patch Available for "Malformed IPX NMPI Packet" Vulnerability

Originally posted: October 11, 2000



Summary

=======

Microsoft has released a patch that eliminates a security

vulnerability in Microsoft(r) Windows 95, Windows 98, 98 Second

Edition and Windows Me. The vulnerability could be used to cause an

affected system to fail, and depending on the number of affected

machines on a network, potentially could be used to flood the network

with superfluous data. The affected system component normally is

present only if it has been deliberately installed.



Frequently asked questions regarding this vulnerability and the patch

can be found at

http://www.microsoft.com/technet/security/bulletin/fq00-073.asp



Issue

=====

The Microsoft IPX/SPX protocol implementation (NWLink) includes an

NMPI (Name Management Protocol on IPX) listener that will reply to

any requesting network address. The NMPI listener software does not

filter the requesting computer's network address correctly, and will

therefore reply to a network broadcast address. Such a reply would in

turn cause other IPX NMPI listener programs to also reply. This

sequence of broadcast replies could generate a large amount of

unnecessary network traffic. A machine that crashed due to this

vulnerability could be put back into service by rebooting.



IPX is not installed by default in Windows 98, 98 Second Edition, or

Windows Me, and is only installed by default in Windows 95 if there

is a network card present in the machine at installation time. Even

when IPX is installed, a malicious user's ability to exploit this

vulnerability would depend on whether he could deliver a malformed

NMPI packet to an affected machine. Routers frequently are configured

to drop IPX packets, and if such a router lay between the malicious

user and an affected machine, he could not attack it. Routers on the

Internet, as a rule, do not forward IPX packets, and this would tend

to protect intranets from outside attack, as well as protecting

machines connected to the Internet via dial-up connections. As

discussed in the FAQ, the most likely scenario in which this

vulnerability could be exploited would be one in which a malicious

user on an intranet would attack affected machines on the same

intranet, or one in which a malicious user on the Internet attacked

affected machines on his cable modem or DSL subnet.



Affected Software Versions

==========================

 - Microsoft Windows 95

 - Microsoft Windows 98

 - Microsoft Windows 98 Second Edition

 - Microsoft Windows Me



Patch Availability

==================

 - Microsoft Windows 95

   http://download.microsoft.com/download/win95/Update/11974/

   W95/EN-US/273727USA5.EXE



 - Microsoft Windows 98 and 98 Second Edition

   http://download.microsoft.com/download/win98SE/Update/11974/

   W98/EN-US/273727USA8.EXE



 - Microsoft Windows Me

   http://download.microsoft.com/download/winme/Update/11974/

   WinMe/EN-US/273727USAM.EXE



Note: The above links have been broken for better readability.



Note Additional security patches are available at the Microsoft

Download Center



More Information

================

Please see the following references for more information related to

this issue.



 - Frequently Asked Questions: Microsoft Security Bulletin MS00-073,

   http://www.microsoft.com/technet/security/bulletin/fq00-073.asp

 - Microsoft Knowledge Base article Q273727 discusses this issue

   and will be available soon.

 - Microsoft TechNet Security web site,

   http://www.microsoft.com/technet/security/default.asp



Obtaining Support on this Issue

===============================

This is a fully supported patch. Information on contacting Microsoft

Product Support Services is available at

http://support.microsoft.com/support/contact/default.asp.



Revisions

=========

 - October 11, 2000: Bulletin Created.



- ------------------------------------------------------------------



THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED

"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL

WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT

SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY

DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,

CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF

MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE

POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION

OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO

THE FOREGOING LIMITATION MAY NOT APPLY.



Last Updated October 11, 2000

(c) 2000 Microsoft Corporation. All rights reserved. Terms of use.



-----BEGIN PGP SIGNATURE-----

Version: PGP Personal Privacy 6.5.3



iQEVAwUBOeSx6Y0ZSRQxA/UrAQG6tgf+I9XZUvvj45r8k52+m5yACtqyQ5zAyOz0

N9e+K3Mcm6Hz1L9zculF9vDvCI3PTpVfBik+PZOkvKiZ+wB3vMQ7nd0kACU7Y+i9

tWy2yaJ4Nf2SzvwFOCqi4MtL8WNEKTo4FIhXYVFCVZ5JMTpL1n4pmrodc2OdoMTZ

FKj5Jjmm1GYkEMJw55WoJUuIaIAMkE0exOhsjVCclbdCdYPAzLp82BRJ79uwjF4P

z0Sq5Hruy+3q6VmU2AFRbaB+Cuer4isfdxYNu/Dc6GBWwUC4jSX9mJ4QOAYfkUd5

jKwCKuxpR5GNMDV8Oc5T2zGurbF3NEwFkQVwRy2drtKlhtahstdzYw==

=7jpY

-----END PGP SIGNATURE-----



   *******************************************************************

You have received  this e-mail bulletin as a result  of your registration

to  the   Microsoft  Product  Security  Notification   Service.  You  may

unsubscribe from this e-mail notification  service at any time by sending

an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM

The subject line and message body are not used in processing the request,

and can be anything you like.



To verify the digital signature on this bulletin, please download our PGP

key at http://www.microsoft.com/technet/security/notify.asp.



For  more  information on  the  Microsoft  Security Notification  Service

please  visit  http://www.microsoft.com/technet/security/notify.asp.  For

security-related information  about Microsoft products, please  visit the

Microsoft Security Advisor web site at http://www.microsoft.com/security.








(C) 1999-2000 All rights reserved.