Vulnerability CVE-2007-3898 - CERT Civis.Net

Vulnerability Name:

CVE-2007-3898 (CCN-36805)

Assigned:

2007-11-13

Published:

2007-11-13

Updated:

2021-07-07

Summary:

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: BugTraq Mailing List, Tue Nov 13 2007 - 12:26:43 CST
After 6 months - fix available for Microsoft DNS cache poisoning attack

Source: CCN
Type: Full-Disclosure Mailing List, Wed Nov 14 2007 - 06:07:28 CST
Predictable DNS transaction IDs in Microsoft DNS Server

Source: MITRE
Type: CNA
CVE-2007-3898

Source: CCN
Type: HP Security Bulletin HPSBST02291 SSRT071498
Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-061 and MS07-062

Source: CCN
Type: SA27584
Microsoft Windows DNS Service Cache Poisoning Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
27584

Source: SREASON
Type: UNKNOWN
3373

Source: CCN
Type: SECTRACK ID: 1018942
Microsoft Windows DNS Service Insufficent Entropy Lets Remote Users Spoof the DNS Service

Source: CCN
Type: ASA-2007-472
MS07-062 Vulnerability in DNS Could Allow Spoofing (941672)

Source: CCN
Type: Nortel Web site
Nortel Response to Microsoft Security Bulletin MS07-062

Source: CCN
Type: US-CERT VU#484649
Microsoft Windows DNS Server vulnerable to cache poisoning

Source: CERT-VN
Type: US Government Resource
VU#484649

Source: CCN
Type: Microsoft Security Bulletin MS07-062
Vulnerability in DNS Could Allow Spoofing (941672)

Source: MISC
Type: UNKNOWN
http://www.scanit.be/advisory-2007-11-14.html

Source: BUGTRAQ
Type: UNKNOWN
20071113 After 6 months - fix available for Microsoft DNS cache poisoning attack

Source: BUGTRAQ
Type: UNKNOWN
20071114 Predictable DNS transaction IDs in Microsoft DNS Server

Source: HP
Type: UNKNOWN
HPSBST02291

Source: BID
Type: Exploit, Patch
25919

Source: CCN
Type: BID-25919
Microsoft Windows Recursive DNS Spoofing Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018942

Source: MISC
Type: UNKNOWN
http://www.trusteer.com/docs/windowsdns.html

Source: CERT
Type: US Government Resource
TA07-317A

Source: VUPEN
Type: UNKNOWN
ADV-2007-3848

Source: MS
Type: UNKNOWN
MS07-062

Source: XF
Type: UNKNOWN
win-dns-spoof-information-disclosure(36805)

Source: XF
Type: UNKNOWN
win-dns-spoof-information-disclosure(36805)

Source: CCN
Type: IBM Internet Security Systems X-Force Database
Multiple vendor socket entropy DNS spoofing

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:4395

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:datacenter_srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:gold:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:adv_srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:adv_srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:datacenter_srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:gold:srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:datacenter_srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp2:srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:gold:x64-std:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp2:std:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp1:srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:gold:std:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp1:std:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:4395	V	Vulnerability in DNS Could Allow Spoofing	2011-05-09