Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)

🗓️ 10 Jan 2011 00:00:00Reported by Copyright (C) 2011 Greenbone Networks GmbHType 
openvas
 openvas🔗 plugins.openvas.org👁 30 Views

Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553) allows remote attackers to spoof DNS replies, redirect network traffic, and launch man-in-the-middle attacks. Impact Level: System

Related
Refs
Code
ReporterTitlePublishedViews
Family
Check Point Advisories		Preemptive Protection against Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020)
8 Apr 200800:00
checkpoint_advisories
Check Point Advisories		Security Best Practice: Protect Yourself against DNS Cache Poisoning
16 Aug 200700:00
checkpoint_advisories
CVE		CVE-2008-0087
8 Apr 200823:00
cve
Cvelist		CVE-2008-0087
8 Apr 200823:00
cvelist
NVD		CVE-2008-0087
8 Apr 200823:05
nvd
OpenVAS		Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
10 Jan 201100:00
openvas
OpenVAS		Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020, 945553)
3 Sep 200800:00
openvas
OpenVAS		Windows vulnerability in DNS Client Could Allow Spoofing (945553)
3 Sep 200800:00
openvas
Prion		Code injection
8 Apr 200823:05
prion
Positive Technologies		PT-2008-1742 · Microsoft · Windows Server 2003 +4
8 Apr 200800:00
ptsecurity
Rows per page
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ms08-020.nasl 5934 2017-04-11 12:28:28Z antu123 $
#
# Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
#
# Authors:
# Madhuri D <[email protected]>
#
# Copyright: 
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_id(801701);
  script_version("$Revision: 5934 $");
  script_tag(name:"last_modification", value:"$Date: 2017-04-11 14:28:28 +0200 (Tue, 11 Apr 2017) $");
  script_tag(name:"creation_date", value:"2011-01-10 14:22:58 +0100 (Mon, 10 Jan 2011)");
  script_tag(name:"cvss_base", value:"8.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:C/A:C");
  script_cve_id("CVE-2008-0087");
  script_bugtraq_id(28553);
  script_name("Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/29696");
  script_xref(name : "URL" , value : "http://securitytracker.com/alerts/2008/Apr/1019802.html");
  script_xref(name : "URL" , value : "http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx");

  script_tag(name:"qod_type", value:"executable_version");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("secpod_reg_enum.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("SMB/WindowsVersion");

  script_tag(name : "impact" , value : "Successful exploitation could allow remote attackers to spoof DNS replies,
  allowing them to redirect network traffic and to launch man-in-the-middle attacks.
  Impact Level: System");
  script_tag(name : "affected" , value : "Microsoft Windows 2K/XP/2003/Vista");
  script_tag(name : "insight" , value : "The flaws are due to the Windows DNS client using predictable
  transaction IDs in outgoing queries and can be exploited to poison the DNS
  cache when the transaction ID is guessed.");
  script_tag(name : "solution" , value : "Run Windows Update and update the listed hotfixes or download and
  update mentioned hotfixes in the advisory from the below link.
  http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx");
  script_tag(name : "summary" , value : "This host is missing a critical security update according to
  Microsoft Bulletin MS08-020.");
  exit(0);
}


include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

if(hotfix_check_sp(xp:4, win2k:5, win2003:3, winVista:2) <= 0){
  exit(0);
}

# Check for Hotfix 945553 (MS08-020).
if(hotfix_missing(name:"945553") == 0){
  exit(0);
}

## Get System32 path
sysPath = smb_get_system32root();
if(sysPath)
{
  dllVer = fetch_file_version(sysPath, file_name:"dnsapi.dll");
  if(dllVer)
  {
    if(hotfix_check_sp(win2k:5) > 0)
    {
      # Check for dnsapi.dll version < 5.0.2195.7151
      if(version_is_less(version:dllVer, test_version:"5.0.2195.7151")){
        security_message(0);
      }
    }

    else if(hotfix_check_sp(xp:4) > 0)
    {
      SP = get_kb_item("SMB/WinXP/ServicePack");
      if("Service Pack 2" >< SP)
      {
        # Check for dnsapi.dll version < 5.1.2600.3316
        if(version_is_less(version:dllVer, test_version:"5.1.2600.3316")){
          security_message(0);
        }
      }
    }
    
    else if(hotfix_check_sp(win2003:3) > 0)
    {
      SP = get_kb_item("SMB/Win2003/ServicePack");
      if("Service Pack 1" >< SP)
      {
        # Check for dnsapi.dll version < 5.2.3790.3092
        if(version_is_less(version:dllVer, test_version:"5.2.3790.3092")){
          security_message(0);
        }
      }
      else if("Service Pack 2" >< SP)
      {
        # Check for dnsapi.dll version < 5.2.3790.4238
        if(version_is_less(version:dllVer, test_version:"5.2.3790.4238")){
          security_message(0);
        }
      }
      else security_message(0);
    }
  }
}

## Get System32 path
sysPath = smb_get_system32root();
if(sysPath)
{
  dllVer = fetch_file_version(sysPath, file_name:"dnsapi.dll");
  if(dllVer)
  {
    # Windows Vista
    if(hotfix_check_sp(winVista:2) > 0)
    {
      # Grep for dnsapi.dll version < 6.0.6000.16615
      if(version_is_less(version:dllVer, test_version:"6.0.6000.16615")){
          security_message(0);
        }
         exit(0);
    }
  }
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 Apr 2017 00:00Current
7High risk
Vulners AI Score7
EPSS0.55738
microsoft windowsdns client serviceresponse spoofingvulnerabilityremote attackersredirect network trafficman-in-the-middlespoofingdns repliesnetwork trafficsecurity updatems08-020hotfixeswindows update.
30