Executive Summary

Summary
Title Vulnerability in DNS Server Could Allow Denial of Service (2647170)
Informations
Name MS12-017 First vendor Publication 2012-03-13
Vendor Microsoft Last vendor Modification 2012-04-18
Severity (Vendor) Important Revision 1.1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.1 (April 18, 2012): Added a link to Microsoft Knowledge Base Article 2647170 under Known Issues in the Executive Summary and corrected the bulletin replacement information for Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, and Windows Server 2003 with SP2 for Itanium-based Systems. This is a bulletin change only. There were no changes to the detection.

Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote unauthenticated attacker sends a specially crafted DNS query to the target DNS server.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms12-017

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15098
 
Oval ID: oval:org.mitre.oval:def:15098
Title: DNS Denial of Service Vulnerability
Description: The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0006
Version: 4
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 3

OpenVAS Exploits

Date Description
2012-03-14 Name : Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)
File : nvt/secpod_ms12-017.nasl

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-03-15 IAVM : 2012-A-0040 - Microsoft Windows DNS Server Denial of Service Vulnerability
Severity : Category I - VMSKEY : V0031886

Snort® IPS/IDS

Date Description
2014-01-10 excessive outbound NXDOMAIN replies - possible spoof of domain run by local D...
RuleID : 13949 - Revision : 17 - Type : PROTOCOL-DNS

Nessus® Vulnerability Scanner

Date Description
2014-03-05 Name : The DNS server running on the remote host is susceptible to a denial of servi...
File : ms_dns_kb2647170.nasl - Type : ACT_GATHER_INFO
2012-03-13 Name : The remote Windows host is susceptible to a denial of service attack.
File : smb_nt_ms12-017.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2018-06-20 12:07:43
  • Multiple Updates
2017-03-23 00:25:04
  • Multiple Updates
2017-03-20 21:24:54
  • Multiple Updates
2016-04-26 23:05:58
  • Multiple Updates
2014-03-06 13:21:28
  • Multiple Updates
2014-02-17 11:47:16
  • Multiple Updates
2014-01-19 21:30:48
  • Multiple Updates
2013-11-11 12:41:27
  • Multiple Updates