Vulnerabilities > CVE-2007-3898 - Configuration vulnerability in Microsoft products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 34 |
Common Weakness Enumeration (CWE)
Exploit-Db
description Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1). CVE-2007-3898. Remote exploit for windows platform id EDB-ID:30635 last seen 2016-02-03 modified 2007-11-13 published 2007-11-13 reporter Alla Berzroutchko source https://www.exploit-db.com/download/30635/ title Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability 1 description Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2). CVE-2007-3898. Remote exploit for windows platform id EDB-ID:30636 last seen 2016-02-03 modified 2007-11-13 published 2007-11-13 reporter Alla Berzroutchko source https://www.exploit-db.com/download/30636/ title Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability 2
Nessus
NASL family DNS NASL id MS_DNS_KB941672.NASL description According to its self-reported version number, the Microsoft DNS Server running on the remote host contains an issue with the entropy of transaction IDs that could allow an attacker to spoof DNS responses. By exploiting this issue, an attacker may be able to redirect legitimate traffic from other systems that could allow him to construct more complex attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 72833 published 2014-03-05 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72833 title MS07-062: Vulnerability in DNS Could Allow Spoofing (941672) (uncredentialed check) NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS07-062.NASL description The remote host has the Windows DNS server installed. There is a flaw in the remote version of this server that could allow an attacker to spoof DNS responses. By exploiting this flaw, an attacker may be able to redirect legitimate traffic from other systems that could allow him to construct more complex attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 28184 published 2007-11-13 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28184 title MS07-062: Vulnerability in DNS Could Allow Spoofing (941672)
Oval
| accepted | 2011-05-09T04:01:33.416-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors. | ||||||||||||||||||||
| family | windows | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:4395 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2007-11-16T05:29:38 | ||||||||||||||||||||
| title | Vulnerability in DNS Could Allow Spoofing | ||||||||||||||||||||
| version | 71 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 25919 CVE(CAN) ID: CVE-2007-3898 Microsoft Windows是微软发布的非常流行的操作系统。 Windows的DNS服务器实现上存在漏洞,远程攻击者可能利用此漏洞导致DNS欺骗。 在向上游DNS服务器发送请求时Windows的DNS服务(dns.exe)使用了可预测的事件,这允许攻击者执行DNS缓存破坏攻击。当DNS服务器执行递归查询的时候,攻击者就可以通过特制的DNS响应导致欺骗或者从合法位置重定向Internet流量。 Microsoft Windows Server 2003 x64 Edition Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000 Server SP4 Microsoft --------- Microsoft已经为此发布了一个安全公告(MS07-062)以及相应补丁: MS07-062:Vulnerability in DNS Could Allow Spoofing (941672) 链接:<a href="http://www.microsoft.com/technet/security/bulletin/MS07-062.asp" target="_blank">http://www.microsoft.com/technet/security/bulletin/MS07-062.asp</a> |
| id | SSV:2422 |
| last seen | 2017-11-19 |
| modified | 2007-11-15 |
| published | 2007-11-15 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-2422 |
| title | Microsoft Windows递归DNS欺骗漏洞(MS07-062) |
References
- http://www.trusteer.com/docs/windowsdns.html
- http://www.kb.cert.org/vuls/id/484649
- http://www.securityfocus.com/bid/25919
- http://www.securitytracker.com/id?1018942
- http://secunia.com/advisories/27584
- http://www.scanit.be/advisory-2007-11-14.html
- http://www.us-cert.gov/cas/techalerts/TA07-317A.html
- http://securityreason.com/securityalert/3373
- http://www.vupen.com/english/advisories/2007/3848
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36805
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062
- http://www.securityfocus.com/archive/1/484186/100/0/threaded
- http://www.securityfocus.com/archive/1/483698/100/0/threaded
- http://www.securityfocus.com/archive/1/483635/100/0/threaded