| Vulnerability Name: | CVE-2008-0087 (CCN-41480) | ||||||||
| Assigned: | 2008-04-08 | ||||||||
| Published: | 2008-04-08 | ||||||||
| Updated: | 2018-10-30 | ||||||||
| Summary: | The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. | ||||||||
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 8.8 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C) 6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C/E:U/RL:OF/RC:C)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-287 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-0087 Source: CCN Type: HP Security Bulletin HPSBST02329 SSRT080048 rev.1 HPSBST02329 SSRT080048 rev.1 Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-018 to MS08-025 Source: HP Type: Mailing List, Third Party Advisory SSRT080048 Source: CCN Type: SA29696 Microsoft Windows DNS Client Predictable Transaction ID Vulnerability Source: SECUNIA Type: Third Party Advisory 29696 Source: CCN Type: SECTRACK ID: 1019802 Windows DNS Client Lets Remote Users Spoof the System Source: CCN Type: ASA-2008-156 MS08-020 Vulnerability in DNS Client Could Allow Spoofing (945553) Source: CCN Type: NORTEL BULLETIN ID: 2008008788, Rev 1 Centrex IP Client Manager (CICM) response to Microsoft April security bulletin Source: CCN Type: Microsoft Security Bulletin MS08-020 Vulnerability in DNS Client Could Allow Spoofing (945553) Source: CCN Type: Microsoft Security Bulletin MS11-030 Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) Source: BUGTRAQ Type: UNKNOWN 20080408 Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020) Source: BID Type: Patch, Third Party Advisory, VDB Entry 28553 Source: CCN Type: BID-28553 Microsoft Windows DNS Client Service Response Spoofing Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1019802 Source: MISC Type: Broken Link http://www.trusteer.com/docs/windowsresolver.html Source: CERT Type: Third Party Advisory, US Government Resource TA08-099A Source: VUPEN Type: Broken Link ADV-2008-1144 Source: MS Type: UNKNOWN MS08-020 Source: XF Type: UNKNOWN win-dns-client-spoofing(41480) Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:5314 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||