Lucene search

MitreCVELIST:CVE-1999-1593

HistoryJan 15, 2009 - 1:00 a.m.

CVE-1999-1593

2009-01-1501:00:00

mitre

www.cve.org

cve-1999-1593

windows

internet naming service

denial of service

connectivity loss

steal credentials

1ch registration

domain controller

malicious server

windows 95

windows 98

primary domain controller

vulnerability

AI Score

6.6

Confidence

High

EPSS

0.024

Percentile

90.0%

JSON

Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable.

References

archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00371.html

seclists.org/bugtraq/2001/Jan/0264.html

seclists.org/bugtraq/2001/Jan/0269.html

seclists.org/bugtraq/2001/Jan/0271.html

seclists.org/bugtraq/2001/Jan/0274.html

seclists.org/bugtraq/2001/Jan/0276.html

seclists.org/bugtraq/2001/Jan/0289.html

seclists.org/bugtraq/2001/Jan/0298.html

www.securityfocus.com/bid/2221

www2.sans.org/reading_room/whitepapers/win2k/185.php