| Vulnerability Name: | CVE-2009-0233 (CCN-48905) | ||||||||
| Assigned: | 2009-03-10 | ||||||||
| Published: | 2009-03-10 | ||||||||
| Updated: | 2019-02-26 | ||||||||
| Summary: | The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability." | ||||||||
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P) 4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: CONFIRM Type: UNKNOWN http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx Source: MITRE Type: CNA CVE-2009-0233 Source: OSVDB Type: UNKNOWN 52517 Source: CCN Type: SA34217 Microsoft Windows DNS / WINS Multiple Spoofing Vulnerabilities Source: SECUNIA Type: UNKNOWN 34217 Source: CCN Type: SECTRACK ID: 1021831 Microsoft DNS Server Bugs Let Remote Users Spoof the DNS Service Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm Source: CCN Type: ASA-2009-083 MS09-008 Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) Source: CCN Type: Microsoft Security Bulletin MS09-008 Vulnerabilities in DNS and WINS server could allow Spoofing (962238) Source: CCN Type: Microsoft Security Bulletin MS09-039 Vulnerabilities in WINS Could Allow Remote Code Execution (969883) Source: CCN Type: Microsoft Security Bulletin MS11-035 Vulnerability in WINS Could Allow Remote Code Execution (2524426) Source: CCN Type: Microsoft Security Bulletin MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621) Source: CCN Type: OSVDB ID: 52517 Microsoft Windows DNS Server Query Validation Spoofing Source: BID Type: UNKNOWN 33982 Source: CCN Type: BID-33982 Microsoft Windows DNS Server Response Caching DNS Spoofing Vulnerability Source: SECTRACK Type: UNKNOWN 1021831 Source: CERT Type: US Government Resource TA09-069A Source: VUPEN Type: UNKNOWN ADV-2009-0661 Source: MS Type: UNKNOWN MS09-008 Source: XF Type: UNKNOWN win-dns-query-spoofing(48905) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6228 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||