Vulnerability Name: | CVE-2009-0234 (CCN-48906) | ||||||||
Assigned: | 2009-03-10 | ||||||||
Published: | 2009-03-10 | ||||||||
Updated: | 2019-02-26 | ||||||||
Summary: | The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability." | ||||||||
CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P) 4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-20 | ||||||||
Vulnerability Consequences: | Other | ||||||||
References: | Source: CONFIRM Type: UNKNOWN http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx Source: MITRE Type: CNA CVE-2009-0234 Source: OSVDB Type: UNKNOWN 52518 Source: CCN Type: SA34217 Microsoft Windows DNS / WINS Multiple Spoofing Vulnerabilities Source: SECUNIA Type: UNKNOWN 34217 Source: CCN Type: SECTRACK ID: 1021831 Microsoft DNS Server Bugs Let Remote Users Spoof the DNS Service Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm Source: CCN Type: ASA-2009-083 MS09-008 Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) Source: CCN Type: US-CERT VU#319331 Microsoft Windows DNS Server response validation vulnerability Source: CERT-VN Type: US Government Resource VU#319331 Source: CCN Type: Microsoft Security Bulletin MS09-008 Vulnerabilities in DNS and WINS server could allow Spoofing (962238) Source: CCN Type: Microsoft Security Bulletin MS09-039 Vulnerabilities in WINS Could Allow Remote Code Execution (969883) Source: CCN Type: Microsoft Security Bulletin MS11-035 Vulnerability in WINS Could Allow Remote Code Execution (2524426) Source: CCN Type: Microsoft Security Bulletin MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621) Source: CCN Type: OSVDB ID: 52518 Microsoft Windows DNS Server Response Response Validation Transaction ID Prediction Weakness Source: BID Type: UNKNOWN 33988 Source: CCN Type: BID-33988 Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability Source: SECTRACK Type: UNKNOWN 1021831 Source: CERT Type: US Government Resource TA09-069A Source: VUPEN Type: UNKNOWN ADV-2009-0661 Source: MS Type: UNKNOWN MS09-008 Source: XF Type: UNKNOWN win-dns-cache-spoofing(48906) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5715 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |