Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485) |
Informations | |||
---|---|---|---|
Name | MS11-058 | First vendor Publication | 2011-08-09 |
Vendor | Microsoft | Last vendor Modification | 2011-10-25 |
Severity (Vendor) | Critical | Revision | 1.2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Severity Rating: Critical |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-058 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12764 | |||
Oval ID: | oval:org.mitre.oval:def:12764 | ||
Title: | DNS NAPTR Query Vulnerability | ||
Description: | The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1966 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12870 | |||
Oval ID: | oval:org.mitre.oval:def:12870 | ||
Title: | DNS Uninitialized Memory Corruption Vulnerability | ||
Description: | The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1970 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 | |
Os | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-11 | Name : Microsoft Windows DNS Server Remote Code Execution Vulnerability (2562485) File : nvt/secpod_ms11-058.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74400 | Microsoft Windows DNS Service Non-Existent Domain Query Parsing Remote DoS |
74399 | Microsoft Windows DNS Service NAPTR Query Parsing Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerabili... RuleID : 23951 - Revision : 5 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerabili... RuleID : 23950 - Revision : 6 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerabili... RuleID : 19677 - Revision : 12 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-03-05 | Name : The DNS server running on the remote host has multiple vulnerabilities. File : ms_dns_kb2562485.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The DNS server running on the remote host is affected by a memory corruption ... File : dns_ms11-058.nasl - Type : ACT_GATHER_INFO |
2011-08-09 | Name : The DNS server running on the remote host has multiple vulnerabilities. File : smb_nt_ms11-058.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-03-06 13:21:28 |
|
2014-02-17 11:47:03 |
|
2014-01-19 21:30:42 |
|
2013-05-11 00:49:51 |
|