Vulnerability Name: CVE-2010-1689 (CCN-58345) Assigned: 2010-05-04 Published: 2010-05-04 Updated: 2020-04-09 Summary: The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025 . CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P 4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): Partial
5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P 4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-310 Vulnerability Consequences: Gain Access References: Source: CCN[CORE-2010-0427] Windows SMTP Service DNS query Id vulnerabilities 20100504 [CORE-2010-0427] Windows SMTP Service DNS query Id vulnerabilities CVE-2010-1689 Windows SMTP Service Uses Predictable Transaction IDs and Fails to Validate Response IDs Which May Permit DNS Spoofing 1023939 http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132) 39908 Microsoft Windows SMTP Server Insufficient Query ID Randomization DNS Spoofing Vulnerability ms-smtp-queryid-spoofing(58345) Vulnerable Configuration: Configuration 1 :cpe:/o:microsoft:windows_2000:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2000:-:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2000:-:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* Configuration 2 :cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:*:* Configuration 3 :cpe:/o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* Configuration 4 :cpe:/o:microsoft:windows_server_2008:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:-:*:*:*:*:*:* Configuration 5 :cpe:/a:microsoft:exchange_server:2003:-:*:*:*:*:*:* OR cpe:/a:microsoft:exchange_server:2003:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:exchange_server:2007:-:*:*:*:*:*:* OR cpe:/a:microsoft:exchange_server:2007:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:exchange_server:2007:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:exchange_server:2010:-:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:exchange_server:2003:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:exchange_server:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:* OR cpe:/a:microsoft:exchange_server:2007:*:*:*:*:*:*:* OR cpe:/a:microsoft:exchange_server:2007:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:* BACK
microsoft windows 2000 - sp1
microsoft windows 2000 - sp2
microsoft windows 2000 - sp3
microsoft windows 2000 - sp4
microsoft windows xp - sp1
microsoft windows xp - sp2
microsoft windows xp - sp3
microsoft windows server 2003 - sp1
microsoft windows server 2003 - sp2
microsoft windows server 2008 - sp1
microsoft windows server 2008 - sp2
microsoft windows server 2008 r2 -
microsoft exchange server 2003 -
microsoft exchange server 2003 sp1
microsoft exchange server 2003 sp2
microsoft exchange server 2007 -
microsoft exchange server 2007 sp1
microsoft exchange server 2007 sp2
microsoft exchange server 2010 -
microsoft windows 2000 - sp4
microsoft windows xp sp2
microsoft exchange server 2003 sp1
microsoft exchange server 2003
microsoft exchange server 2003 sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows xp sp2
microsoft exchange server 2007
microsoft exchange server 2007 sp1
microsoft windows server 2008 -
microsoft windows server 2008 -
microsoft windows xp sp3
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 - r2
Denotes that component is vulnerable