Lucene search

[email protected]CVE-2006-0988

HistoryMar 03, 2006 - 11:02 a.m.

CVE-2006-0988

2006-03-0311:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0988

dns server

windows server

windows 2000

microsoft dns server

windows nt 4.0

denial of service

traffic amplification

dns queries

security vulnerability

remote attack

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.015 Low

EPSS

Percentile

86.8%

JSON

The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

CPENameOperatorVersion
microsoft:windows_ntmicrosoft windows nteq4.0
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_2003_servermicrosoft windows 2003 servereqr2

CPE	Name	Operator	Version
microsoft:windows_nt	microsoft windows nt	eq	4.0
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_2003_server	microsoft windows 2003 server	eq	r2

References

dns.measurement-factory.com/surveys/sum1.html

www.securityfocus.com/archive/1/426368/100/0/threaded

www.us-cert.gov/reading_room/DNS-recursion121605.pdf

7.5 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.015 Low

EPSS

Percentile

86.8%

JSON

Related for CVE-2006-0988

cvelist1 prion1