Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability
2009-03-10T00:00:00
ID SMNTC-33988 Type symantec Reporter Symantec Security Response Modified 2009-03-10T00:00:00
Description
Description
The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails to cache responses to specially crafted DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.
Technologies Affected
Avaya Messaging Application Server
Avaya Messaging Application Server MM 1.1
Avaya Messaging Application Server MM 2.0
Avaya Messaging Application Server MM 3.0
Avaya Messaging Application Server MM 3.1
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP4
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft Windows Server 2003 Itanium
Microsoft Windows Server 2003 Itanium SP1
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard Edition SP2
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Terminal Services
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Windows Server 2003 x64 SP1
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2008 Datacenter Edition
Microsoft Windows Server 2008 Enterprise Edition
Microsoft Windows Server 2008 Standard Edition
Microsoft Windows Server 2008 for 32-bit Systems
Microsoft Windows Server 2008 for x64-based Systems
Recommendations
Block external access at the network boundary, unless external parties require service.
Ensure that only trusted hosts and networks can send DNS responses to affected computers.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Use NIDS to detect suspicious or anomalous network traffic. Monitor logs for signs of malicious activity.
The vendor has released an advisory and updates. Please see the references for details.
{"published": "2009-03-10T00:00:00", "id": "SMNTC-33988", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"differentElements": ["description", "href", "affectedSoftware"], "edition": 1, "lastseen": "2016-09-04T11:41:16", "bulletin": {"published": "2009-03-10T00:00:00", "href": "https://www.symantec.com/security_response/vulnerability.jsp?bid=33988", "cvss": {"score": 0.0, "vector": "NONE"}, "reporter": "Symantec Security Response", "history": [], "description": "### Description\n\nThe Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails to cache responses to specially crafted DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks. \n\n### Technologies Affected\n\n * Avaya Messaging Application Server\n * Avaya Messaging Application Server MM 1.1\n * Avaya Messaging Application Server MM 2.0\n * Avaya Messaging Application Server MM 3.0\n * Avaya Messaging Application Server MM 3.1\n * Microsoft Windows 2000 Server\n * Microsoft Windows 2000 Server SP1\n * Microsoft Windows 2000 Server SP2\n * Microsoft Windows 2000 Server SP3\n * Microsoft Windows 2000 Server SP4\n * Microsoft Windows Server 2003 Datacenter Edition\n * Microsoft Windows Server 2003 Datacenter Edition Itanium SP1\n * Microsoft Windows Server 2003 Datacenter Edition SP1\n * Microsoft Windows Server 2003 Datacenter x64 Edition\n * Microsoft Windows Server 2003 Datacenter x64 Edition SP2\n * Microsoft Windows Server 2003 Enterprise Edition\n * Microsoft Windows Server 2003 Enterprise Edition Itanium SP1\n * Microsoft Windows Server 2003 Enterprise Edition SP1\n * Microsoft Windows Server 2003 Enterprise x64 Edition\n * Microsoft Windows Server 2003 Enterprise x64 Edition SP2\n * Microsoft Windows Server 2003 Itanium\n * Microsoft Windows Server 2003 Itanium SP1\n * Microsoft Windows Server 2003 Itanium SP2\n * Microsoft Windows Server 2003 Standard Edition\n * Microsoft Windows Server 2003 Standard Edition SP1\n * Microsoft Windows Server 2003 Standard Edition SP2\n * Microsoft Windows Server 2003 Standard x64 Edition\n * Microsoft Windows Server 2003 Terminal Services\n * Microsoft Windows Server 2003 Web Edition\n * Microsoft Windows Server 2003 Web Edition SP1\n * Microsoft Windows Server 2003 Web Edition SP2\n * Microsoft Windows Server 2003 x64 SP1\n * Microsoft Windows Server 2003 x64 SP2\n * Microsoft Windows Server 2008 Datacenter Edition\n * Microsoft Windows Server 2008 Enterprise Edition\n * Microsoft Windows Server 2008 Standard Edition\n * Microsoft Windows Server 2008 for 32-bit Systems\n * Microsoft Windows Server 2008 for x64-based Systems\n\n### Recommendations\n\n#### Block external access at the network boundary, unless external parties require service.\n\nEnsure that only trusted hosts and networks can send DNS responses to affected computers.\n\n#### Deploy network intrusion detection systems to monitor network traffic for malicious activity.\n\nUse NIDS to detect suspicious or anomalous network traffic. Monitor logs for signs of malicious activity. \n\nThe vendor has released an advisory and updates. Please see the references for details. \n", "bulletinFamily": "software", "viewCount": 0, "cvelist": [], "affectedSoftware": [{"version": "SP2", "name": "Microsoft Windows Server 2003 Datacenter x64 Edition", "operator": "eq"}, {"version": "SP1", "name": "Microsoft Windows Server 2003 Datacenter Edition Itanium", "operator": "eq"}, {"version": "SP1", "name": "Microsoft Windows Server 2003 Datacenter Edition", "operator": "eq"}, {"version": "SP3", "name": "Microsoft Windows 2000 Server", "operator": "eq"}, {"version": "SP4", "name": "Microsoft Windows 2000 Server", "operator": "eq"}, {"version": "SP2", "name": "Microsoft Windows Server 2003 Enterprise x64 Edition", "operator": "eq"}, {"version": "2008", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "x64 SP1", "name": "Microsoft Windows Server 2003", "operator": "eq"}, {"version": "SP1", "name": "Microsoft Windows Server 2003 Web Edition", "operator": "eq"}, {"version": "SP1", "name": "Microsoft Windows Server 2003 Standard Edition", "operator": "eq"}, {"version": "any", "name": "Avaya Messaging Application Server", "operator": "eq"}, {"version": "3.1", "name": "Avaya Messaging Application Server MM", "operator": "eq"}, {"version": "SP1", "name": "Microsoft Windows Server 2003 Enterprise Edition Itanium", "operator": "eq"}, {"version": "SP1", "name": "Microsoft Windows Server 2003 Enterprise Edition", "operator": "eq"}, {"version": "SP2", "name": "Microsoft Windows 2000 Server", "operator": "eq"}, {"version": "2003", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "1.1", "name": "Avaya Messaging Application Server MM", "operator": "eq"}, {"version": "SP2", "name": "Microsoft Windows Server 2003 Itanium", "operator": "eq"}, {"version": "SP2", "name": "Microsoft Windows Server 2003 Standard Edition", "operator": "eq"}, {"version": "x64 SP2", "name": "Microsoft Windows Server 2003", "operator": "eq"}, {"version": "3.0", "name": "Avaya Messaging Application Server MM", "operator": "eq"}, {"version": "SP1", "name": "Microsoft Windows 2000 Server", "operator": "eq"}, {"version": "2.0", "name": "Avaya Messaging Application Server MM", "operator": "eq"}, {"version": "SP1", "name": "Microsoft Windows Server 2003 Itanium", "operator": "eq"}, {"version": "SP2", "name": "Microsoft Windows Server 2003 Web Edition", "operator": "eq"}], "type": "symantec", "hash": "7de7f37d905c4960c1003ed09bcf7d05b53ac429a1d6ed3145c0a43169bcb3c0", "references": ["http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx"], "enchantments": {"score": {"value": 6.4, "modified": "2016-09-04T11:41:16"}}, "title": "Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability", "id": "SMNTC-33988", "lastseen": "2016-09-04T11:41:16", "edition": 1, "objectVersion": "1.2", "hashmap": [{"hash": "593efae4be912fe69d80e4ec9a9b28a6", "key": "published"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}, {"hash": "a6cf0617087fbf94c46ae41b9b6ac395", "key": "href"}, {"hash": "593efae4be912fe69d80e4ec9a9b28a6", "key": "modified"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "3a963c4b6c34f2fbbb8e8506b401e8be", "key": "affectedSoftware"}, {"hash": "0f073d7ce481bcbd3b6f865341cc3773", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "20b53680891441141458419dc638af07", "key": "description"}, {"hash": "dc8448dead6cff11322df8c08abe32e7", "key": "title"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}], "modified": "2009-03-10T00:00:00"}}], "description": "### Description\n\nThe Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails to cache responses to specially crafted DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.\n\n### Technologies Affected\n\n * Avaya Messaging Application Server \n * Avaya Messaging Application Server MM 1.1 \n * Avaya Messaging Application Server MM 2.0 \n * Avaya Messaging Application Server MM 3.0 \n * Avaya Messaging Application Server MM 3.1 \n * Microsoft Windows 2000 Server \n * Microsoft Windows 2000 Server SP1 \n * Microsoft Windows 2000 Server SP2 \n * Microsoft Windows 2000 Server SP3 \n * Microsoft Windows 2000 Server SP4 \n * Microsoft Windows Server 2003 Datacenter Edition \n * Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 \n * Microsoft Windows Server 2003 Datacenter Edition SP1 \n * Microsoft Windows Server 2003 Datacenter x64 Edition \n * Microsoft Windows Server 2003 Datacenter x64 Edition SP2 \n * Microsoft Windows Server 2003 Enterprise Edition \n * Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 \n * Microsoft Windows Server 2003 Enterprise Edition SP1 \n * Microsoft Windows Server 2003 Enterprise x64 Edition \n * Microsoft Windows Server 2003 Enterprise x64 Edition SP2 \n * Microsoft Windows Server 2003 Itanium \n * Microsoft Windows Server 2003 Itanium SP1 \n * Microsoft Windows Server 2003 Itanium SP2 \n * Microsoft Windows Server 2003 Standard Edition \n * Microsoft Windows Server 2003 Standard Edition SP1 \n * Microsoft Windows Server 2003 Standard Edition SP2 \n * Microsoft Windows Server 2003 Standard x64 Edition \n * Microsoft Windows Server 2003 Terminal Services \n * Microsoft Windows Server 2003 Web Edition \n * Microsoft Windows Server 2003 Web Edition SP1 \n * Microsoft Windows Server 2003 Web Edition SP2 \n * Microsoft Windows Server 2003 x64 SP1 \n * Microsoft Windows Server 2003 x64 SP2 \n * Microsoft Windows Server 2008 Datacenter Edition \n * Microsoft Windows Server 2008 Enterprise Edition \n * Microsoft Windows Server 2008 Standard Edition \n * Microsoft Windows Server 2008 for 32-bit Systems \n * Microsoft Windows Server 2008 for x64-based Systems \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nEnsure that only trusted hosts and networks can send DNS responses to affected computers.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nUse NIDS to detect suspicious or anomalous network traffic. Monitor logs for signs of malicious activity.\n\nThe vendor has released an advisory and updates. Please see the references for details.\n", "hash": "020d1e1a50e3c071aa2a4d3f4108401d164caae20ef3cc5f52aa06e65f1dc66b", "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2018-03-13T10:05:41"}, "dependencies": {"references": [], "modified": "2018-03-13T10:05:41"}, "vulnersScore": -0.0}, "type": "symantec", "lastseen": "2018-03-13T10:05:41", "edition": 2, "title": "Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/33988", "modified": "2009-03-10T00:00:00", "bulletinFamily": "software", "viewCount": 0, "cvelist": [], "affectedSoftware": [{"version": "2008 Enterprise Edition ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "3.0 ", "name": "Avaya Messaging Application Server MM", "operator": "eq"}, {"version": "2008 Standard Edition ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Standard x64 Edition ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "1.1 ", "name": "Avaya Messaging Application Server MM", "operator": "eq"}, {"version": "2003 Datacenter Edition Itanium SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Datacenter Edition ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2000 Server SP1 ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2003 Terminal Services ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2008 for x64-based Systems ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Standard Edition SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 x64 SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "3.1 ", "name": "Avaya Messaging Application Server MM", "operator": "eq"}, {"version": "2003 Datacenter x64 Edition ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2000 Server SP4 ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2000 Server SP3 ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2.0 ", "name": "Avaya Messaging Application Server MM", "operator": "eq"}, {"version": "2003 Enterprise Edition Itanium SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Itanium SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Standard Edition SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2008 Datacenter Edition ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Enterprise x64 Edition ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2000 Server SP2 ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2003 Standard Edition ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Enterprise Edition SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Itanium SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2008 for 32-bit Systems ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Datacenter x64 Edition SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Datacenter Edition SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Web Edition ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Web Edition SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 x64 SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2000 Server ", "name": "Microsoft Windows", "operator": "eq"}, {"version": "2003 Enterprise x64 Edition SP2 ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Itanium ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Enterprise Edition ", "name": "Microsoft Windows Server", "operator": "eq"}, {"version": "2003 Web Edition SP1 ", "name": "Microsoft Windows Server", "operator": "eq"}], "references": ["http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx"], "reporter": "Symantec Security Response", "hashmap": [{"hash": "0d88c769edbb88b20f415e2684332fde", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "2418e104c5144c6d7fe0bd82f3397e61", "key": "description"}, {"hash": "bd950d48f0e2149da9ff0a17ab1dd8f9", "key": "href"}, {"hash": "593efae4be912fe69d80e4ec9a9b28a6", "key": "modified"}, {"hash": "593efae4be912fe69d80e4ec9a9b28a6", "key": "published"}, {"hash": "0f073d7ce481bcbd3b6f865341cc3773", "key": "references"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}, {"hash": "dc8448dead6cff11322df8c08abe32e7", "key": "title"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}], "objectVersion": "1.3"}
