Oval Definition:
oval:org.mitre.oval:def:5314
Revision Date
:
2011-10-31
Version
:
44
Title
:
DNS Spoofing Attack Vulnerability
Description
:
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
Family
:
windows
Class
:
vulnerability
Status
:
ACCEPTED
Reference(s)
:
CVE-2008-0087
Platform(s)
:
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Product(s)
:
Definition Synopsis
Vulnerable Windows 2000 SP4
Microsoft Windows 2000 SP4 or later is installed
AND
Dnsapi.dll version is less than 5.0.2195.7151
OR
Vulnerable Windows XP SP2
Microsoft Windows XP SP2 or later is installed
AND
Dnsapi.dll version is less than 5.1.2600.3316
OR
Vulnerable Windows XP x64 SP1/Server 2003 SP1 (x86)/(x64)/(ia-64)
Windows XP x64 SP1/Server 2003 SP1 (x86)/(x64)/(ia-64)
Microsoft Windows XP Professional x64 Edition SP1 is installed
OR
Microsoft Windows Server 2003 SP1 (x86) is installed
OR
Microsoft Windows Server 2003 SP1 (x64) is installed
OR
Microsoft Windows Server 2003 SP1 for Itanium is installed
AND
Dnsapi.dll version is less than 5.2.3790.3092
OR
Vulnerable Windows XP x64 SP2/Server 2003 SP2 (x86)/(x64)/(ia-64)
Windows XP x64 SP2/Server 2003 SP2 (x86)/(x64)/(ia-64)
Microsoft Windows XP x64 Edition SP2 is installed
OR
Microsoft Windows Server 2003 SP2 (x86) is installed
OR
Microsoft Windows Server 2003 SP2 (x64) is installed
OR
Microsoft Windows Server 2003 (ia64) SP2 is installed
AND
Dnsapi.dll version is less than 5.2.3790.4238
OR
Vulnerable Windows Vista (32-bit)/(x64)
Windows Vista (32-bit)/(x64)
Microsoft Windows Vista (32-bit) is installed
OR
Microsoft Windows Vista x64 Edition is installed
AND
Check for LDR/GDR
Dnsapi.dll version is less than 6.0.6000.16615
OR
Check for LDR
Check if version of dnsapi.dll is greater than or equal to 6.0.6000.20000
AND
Check if version of dnsapi.dll is less than 6.0.6000.20740
BACK