CVE-2009-0233

2009-03-1114:19:15

CWE-20

[email protected]

web.nvd.nist.gov

windows

dns server

vulnerability

remote attackers

predict transaction ids

poison caches

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.153 Low

EPSS

Percentile

95.9%

JSON

The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka “DNS Server Query Validation Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_2000sp4

microsoftwindows_server_2003

microsoftwindows_server_2003sp1

microsoftwindows_server_2003sp1itanium

microsoftwindows_server_2003sp2

microsoftwindows_server_2008

microsoftwindows_server_2008x64

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_server_2008microsoft windows server 2008eq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	*