Vulnerability Name: CVE-2009-0094 (CCN-48908)

Assigned: 2009-03-10
Published: 2009-03-10
Updated: 2019-02-26
Summary: The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
Per: http://www.microsoft.com/technet/security/Bulletin/MS09-008.mspx

Mitigating Factors for WPAD WINS Server Registration Vulnerability - CVE-2009-0094

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation.

If the WINS server already has WPAD and ISATAP registered, then an attacker will not be able to register these as well.

CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): Low
  • Availability (A): Low

CVSS v2 Severity: 5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): Single_Instance
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): Partial
  • Availability (A): Partial

5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Medium
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): Partial
  • Availability (A): Partial

Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: CONFIRM
Type: UNKNOWN
http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx

Source: MITRE
Type: CNA
CVE-2009-0094

Source: OSVDB
Type: UNKNOWN
52520

Source: CCN
Type: SA34217
Microsoft Windows DNS / WINS Multiple Spoofing Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
34217

Source: CCN
Type: SECTRACK ID: 1021829
Microsoft WINS Server Registration Validation Flaw Lets Remote Users Conduct Spoofing Attacks

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm

Source: CCN
Type: ASA-2009-083
MS09-008 Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)

Source: CCN
Type: Microsoft Security Bulletin MS09-008
Vulnerabilities in DNS and WINS server could allow Spoofing (962238)

Source: CCN
Type: Microsoft Security Bulletin MS09-039
Vulnerabilities in WINS Could Allow Remote Code Execution (969883)

Source: CCN
Type: Microsoft Security Bulletin MS11-035
Vulnerability in WINS Could Allow Remote Code Execution (2524426)

Source: CCN
Type: Microsoft Security Bulletin MS11-070
Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

Source: CCN
Type: OSVDB ID: 52520
Microsoft Windows WPAD WINS Server Registration Web Proxy MiTM Weakness

Source: BID
Type: UNKNOWN
34013

Source: CCN
Type: BID-34013
Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021829

Source: CERT
Type: US Government Resource
TA09-069A

Source: VUPEN
Type: UNKNOWN
ADV-2009-0661

Source: MS
Type: UNKNOWN
MS09-008

Source: XF
Type: UNKNOWN
win-wins-wpad-registration-spoofing(48908)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6117

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.mitre.oval:def:6117
Class: V
Title: WPAD WINS Server Registration Vulnerability
Last Modified: 2011-11-14