Ê WINS System Weakness Vulnerability in NT Wins Service SYSTEMS AFFECTED WindowsNT Servers (3.51/4.0) Running WINS. PROBLEM There is an inherent flaw in the NT Windows Internet Name Service (WINS). The flaw could cause slow down in server performance as well as use of all available disk space. IMPACT By creating Errors in the system Event Logs, a servers performance could seriously be degraded to a crawl. Depending on the way the system administrator has logging configured, the exploit could also cause all of the systems hard drive resources to be used. This is being recorded as a nuisance flaw. EXPLOIT WindowsNT Servers that are running the WINS Service, listen for connections on TCP Port42. By opening a Telnet session to this port and feeding the connection garbage text, an error is written to the Event Log. By quickly automating the process, the Event Log could quickly be filled, causing system slow down and possibly, use of all free hard drive space. SOLUTION None as of yet. The contents of this advisory are Copyright (c) 1998 the Rhino9 security research team, this document may be distributed freely, as long as proper credit is given. Ê ÊÊ