Executive Summary

Summary
Title: Microsoft Windows DNS Server vulnerable to cache poisoning
Information
Name: VU#484649
First vendor Publication: 2007-11-13
Vendor: VU-CERT
Last vendor Modification: 2007-11-13
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Cvss Base Score: 6.4
Attack Range: Network
Cvss Impact Score: 4.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Vulnerability Note VU#484649

Microsoft Windows DNS Server vulnerable to cache poisoning

Overview

The Microsoft Windows DNS Server is vulnerable to cache poisoning, which may allow a remote, unauthenticated attacker to cause a Windows DNS server to provide incorrect responses to DNS queries.

I. Description

Microsoft Windows DNS Server is a service that provides DNS serving capabilities for Windows 2000 Server and Windows Server 2003. For a DNS server to trust a reply to a DNS request, the reply must contain the correct client source port and address as well as an identifier known as the transaction ID. Windows DNS Server uses a predictable transaction ID generator, which can allow DNS cache poisoning.
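An added example (not part of the CERT note or any vendor code): the reply acceptance check described above, run over constructed traffic, with a per-name count of rejected replies as a spoofing signal. The record types, the threshold and all sample values are assumptions made for illustration.

```python
from collections import Counter, namedtuple

# Hypothetical record types for an outstanding query and an observed reply.
Query = namedtuple("Query", "qname server_ip src_port txid")
Reply = namedtuple("Reply", "qname from_ip dst_port txid")

def reply_matches(q, r):
    """The checks the note lists: server address, client source port, transaction ID."""
    return (r.from_ip == q.server_ip and r.dst_port == q.src_port
            and r.txid == q.txid)

def audit_replies(queries, replies, threshold=3):
    """Return (accepted, suspects): the first matching reply per name, and the
    names that drew `threshold` or more replies that were not accepted."""
    outstanding = {q.qname: q for q in queries}
    accepted, rejected = {}, Counter()
    for r in replies:
        q = outstanding.get(r.qname)
        if q is not None and r.qname not in accepted and reply_matches(q, r):
            accepted[r.qname] = r
        else:
            # Unsolicited, mismatched, or late duplicate reply.
            rejected[r.qname] += 1
    suspects = sorted(n for n, c in rejected.items() if c >= threshold)
    return accepted, suspects

# Constructed sample traffic (documentation addresses, made-up IDs).
QUERIES = [
    Query("www.example.test", "192.0.2.53", 1025, 0x1A2B),
    Query("mail.example.test", "192.0.2.53", 1026, 0x0C0D),
]
REPLIES = [
    Reply("www.example.test", "192.0.2.53", 1025, 0x1A20),     # wrong ID
    Reply("www.example.test", "192.0.2.53", 1025, 0x1A24),     # wrong ID
    Reply("www.example.test", "192.0.2.53", 1025, 0x1A28),     # wrong ID
    Reply("www.example.test", "192.0.2.53", 1025, 0x1A2B),     # matches
    Reply("mail.example.test", "198.51.100.7", 1026, 0x0C0D),  # wrong address
    Reply("mail.example.test", "192.0.2.53", 1026, 0x0C0D),    # matches
]

if __name__ == "__main__":
    ok, suspects = audit_replies(QUERIES, REPLIES)
    print("accepted:", sorted(ok))
    print("possible spoofing against:", suspects)
```

A single stray mismatch is normal noise; a run of rejected replies for one outstanding query is the pattern worth alerting on.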

II. Impact

A remote, unauthenticated attacker may be able to poison the cache of a Windows DNS server. This can cause client machines that use the DNS server to be redirected to malicious domains as the result of an incorrect DNS response.

III. Solution

Apply an update

This issue is addressed in Microsoft Security Bulletin MS07-062.

Systems Affected

Vendor: Microsoft Corporation
Status: Vulnerable
Date Updated: 13-Nov-2007

References


http://www.microsoft.com/technet/security/bulletin/ms07-062.mspx
http://www.trusteer.com/docs/windowsdns.html

Credit

This vulnerability was reported by Microsoft, which in turn credits Alla Bezroutchko of Scanit and Amit Klein of Trusteer.

This document was written by Will Dormann.

Other Information

Date Public: 11/13/2007
Date First Published: 11/13/2007 02:28:28 PM
Date Last Updated: 11/13/2007
CERT Advisory:
CVE Name: CVE-2007-3898
Metric: 4.39
Document Revision: 3

Original Source

Url : http://www.kb.cert.org/vuls/id/484649

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-16 Configuration

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:4395
Title: Vulnerability in DNS Could Allow Spoofing
Description: The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2007-3898
Version: 3
Platform(s): Microsoft Windows 2000, Microsoft Windows Server 2003
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Os 20
Os 11
Os 3

Open Source Vulnerability Database (OSVDB)

Id Description
41092 Microsoft Windows DNS Service Predictable Transaction ID Weakness

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows DNS server spoofing attempt
RuleID : 16206 - Revision : 12 - Type : OS-WINDOWS
2014-01-10 dns cache poisoning attempt
RuleID : 13667 - Revision : 19 - Type : PROTOCOL-DNS

Nessus® Vulnerability Scanner

Date Description
2014-03-05 Name : The DNS server running on the remote host is vulnerable to DNS spoofing attacks.
File : ms_dns_kb941672.nasl - Type : ACT_GATHER_INFO
2007-11-13 Name : Remote DNS server is vulnerable to spoofing attacks.
File : smb_nt_ms07-062.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2015-05-08 13:28:04
  • Multiple Updates
2014-03-06 13:21:29
  • Multiple Updates
2013-05-11 12:26:38
  • Multiple Updates