Microsoft Windows DNS客户端可预测事件处理ID漏洞(MS08-020)

2008-04-10T00:00:00
ID SSV:3141
Type seebug
Reporter Root
Modified 2008-04-10T00:00:00

Description

BUGTRAQ ID: 28553 CVE(CAN) ID: CVE-2008-1085

Microsoft Windows是微软发布的非常流行的操作系统。

Windows DNS客户端服务在执行DNS查询时,随机选择事件处理值没有提供足够的熵。未经认证的攻击者可以向有漏洞客户端的DNS请求返回恶意响应,欺骗或重新定向合法位置的Internet通讯。

Microsoft Windows XP SP2 Microsoft Windows Vista Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000SP4 Microsoft


Microsoft已经为此发布了一个安全公告(MS08-020)以及相应补丁: MS08-020:Vulnerability in DNS Client Could Allow Spoofing (945553) 链接:<a href=http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx?pf=true target=_blank>http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx?pf=true</a>

                                        
                                            
                                                &lt;html&gt;
&lt;body&gt;
&lt;script&gt;
var&nbsp;max_n=20;
var&nbsp;n=0;
var&nbsp;x=new&nbsp;Image();
x.onerror=loadnext;
x.onload=loadnext;
function&nbsp;loadnext()
{
if&nbsp;(n&