Vulnerability CVE-2000-1218 - CERT Civis.Net

Vulnerability Name:

CVE-2000-1218 (CCN-4280)

Assigned:

2000-04-14

Published:

2000-04-14

Updated:

2019-04-30

Summary:

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Data Manipulation

References:

Source: MITRE
Type: CNA
CVE-2000-1218

Source: CCN
Type: US-CERT VU#458659
Microsoft Windows domain name resolver service accepts responses from non-queried DNS servers by default

Source: CERT-VN
Type: US Government Resource
VU#458659

Source: CCN
Type: Microsoft TechNet
Microsoft Windows 2000 TCP/IP Implementation Details

Source: CCN
Type: OSVDB ID: 18728
Microsoft Windows QueryIpMatching Weakness DNS Cache Poisoning

Source: XF
Type: UNKNOWN
win2k-dns-resolver(4280)

Source: XF
Type: UNKNOWN
win2k-dns-resolver(4280)

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98:*:gold:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:*:alpha:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp1:alpha:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp2:alpha:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp3:alpha:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp4:alpha:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp5:alpha:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6:alpha:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_nt:4.0:sp6a:alpha:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:r2:enterprise:*:*:*:*:*

Denotes that component is vulnerable