Vulnerabilities > CVE-2008-1454 - Unspecified vulnerability in Microsoft products

047910
CVSS v2 base score 9.4 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
microsoft
critical
nessus

Summary

Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.

Nessus

  • NASL family: DNS
    NASL id: MS_DNS_KB951746.NASL
    description: According to its self-reported version number, the Microsoft DNS Server running on the remote host contains issues in the DNS library that could allow an attacker to send malicious DNS responses to DNS requests made by the remote host, thereby spoofing or redirecting internet traffic from legitimate locations.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72834
    published: 2014-03-05
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/72834
    title: MS08-037: Vulnerabilities in DNS Could Allow Spoofing (951746) (uncredentialed check)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration block: when the scanner loads the plugin with `description`
    # set, only the metadata and dependency declarations below are executed and
    # the script exits at the end of the block; no target is contacted here.
    if (description)
    {
      script_id(72834);
      script_version("1.13");
      script_cvs_date("Date: 2018/11/15 20:50:21");
    
      # One plugin covers both CVEs addressed by bulletin MS08-037; a finding
      # does not tell the two issues apart.
      script_cve_id("CVE-2008-1447", "CVE-2008-1454");
      script_bugtraq_id(30131, 30132);
      script_xref(name:"CERT", value:"800113");
      script_xref(name:"IAVA", value:"2008-A-0045");
      script_xref(name:"MSFT", value:"MS08-037");
      script_xref(name:"MSKB", value:"951746");
    
      script_name(english:"MS08-037: Vulnerabilities in DNS Could Allow Spoofing (951746) (uncredentialed check)");
      script_summary(english:"Checks version of Microsoft DNS Server");
    
      script_set_attribute(attribute:"synopsis", value:
    "The DNS server running on the remote host is vulnerable to DNS spoofing
    attacks.");
      # The description states the basis of the finding: the version number the
      # server reports about itself, not an inspection of the installed files.
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the Microsoft DNS Server
    running on the remote host contains issues in the DNS library that could
    allow an attacker to send malicious DNS responses to DNS requests made
    by the remote host thereby spoofing or redirecting internet traffic from
    legitimate locations.");
      script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-037");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released patches for Windows 2000, 2003, and 2008
    Server.");
      # CVSS v2 base vector: network-reachable, low complexity, no
      # authentication, no confidentiality impact, complete integrity and
      # availability impact. cvss_score_source below attributes the score to
      # CVE-2008-1454.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-1454");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/05");
    
      # "remote" matches the "(uncredentialed check)" in the title: the result is
      # derived from data gathered over the network rather than from a login.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"DNS");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      # The check body reads the "ms_dns/version" KB item, so this plugin is only
      # useful after ms_dns_version.nasl has stored a version for the target.
      script_dependencies("ms_dns_version.nasl");
      script_require_keys("ms_dns/version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Check body: compare the DNS server's self-reported version (KB item
    # "ms_dns/version") with the fixed build for its product branch and report
    # the host when the reported build is older.
    #
    # NOTE(review): the result is only as reliable as the reported version
    # string. A version that matches none of the patterns below is audited as
    # not vulnerable, so a clean result here does not prove the update is
    # installed; confirm with a credentialed file-version check.
    version = get_kb_item_or_exit("ms_dns/version");
    # The port is fixed at 53 and is used only in the audit and report calls below.
    port = 53;
    fix = NULL;
    
    
    # Windows Server 2008 (6.0.6001.x): two build ranges are recognised by the
    # fourth field, 22xxx and 18xxx, each with its own fixed build (presumably
    # the two servicing branches; confirm against MS08-037).
    if (version =~ "^6\.0\.6001\.22\d{3}$" && ver_compare(ver:version, fix:"6.0.6001.22192") == -1)
      fix = "6.0.6001.22192";
    else if (version =~ "^6\.0\.6001\.18\d{3}$" && ver_compare(ver:version, fix:"6.0.6001.18081") == -1)
      fix = "6.0.6001.18081";
    # Windows Server 2003 (5.2.3790.x)
    else if (version =~ "^5\.2\.3790\.")
    {
      # SP2: builds from 5.2.3790.3959 up to, but not including, the fixed
      # build 5.2.3790.4318 are flagged.
      if (
        ver_compare(ver:version, fix:"5.2.3790.3959") >= 0 &&
        ver_compare(ver:version, fix:"5.2.3790.4318") == -1
      )
        fix = "5.2.3790.4318";
    
      # SP1: any remaining build below 5.2.3790.3161 is flagged. Builds from
      # 3161 through 3958, and 4318 or later, fall through to the audit below.
      else if (ver_compare(ver:version, fix:"5.2.3790.3161") == -1)
        fix = "5.2.3790.3161";
      else
        audit(AUDIT_LISTEN_NOT_VULN, "Microsoft DNS Server", port, version, "UDP");
    }
    # Windows 2000 Server (5.0.2195.x)
    else if (version =~ "^5\.0\.2195\." && ver_compare(ver:version, fix:"5.0.2195.7162") == -1)
      fix = "5.0.2195.7162";
    # Everything else, including version strings in an unrecognised format, is
    # audited as not vulnerable.
    else
      audit(AUDIT_LISTEN_NOT_VULN, "Microsoft DNS Server", port, version, "UDP");
    
    
    # Reached only when a branch above assigned `fix` (this relies on audit()
    # ending the script, as its use above implies; confirm in audit.inc).
    # The finding is raised on UDP port 53; with verbosity enabled the report
    # carries the installed and fixed versions.
    if (report_verbosity > 0)
    {
      report =
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fix +
        '\n';
      security_hole(port:port, proto:"udp", extra:report);
    }
    else security_hole(port:port, proto:"udp");
    
  • NASL family: Windows : Microsoft Bulletins
    NASL id: SMB_NT_MS08-037.NASL
    description: Flaws in the remote DNS library may let an attacker send malicious DNS responses to DNS requests made by the remote host, thereby spoofing or redirecting internet traffic from legitimate locations.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33441
    published: 2008-07-08
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33441
    title: MS08-037: Vulnerabilities in DNS Could Allow Spoofing (953230)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration block: when the scanner loads the plugin with `description`
    # set, only the metadata and dependency declarations below are executed and
    # the script exits at the end of the block; no target is contacted here.
    if (description)
    {
     script_id(33441);
     script_version("1.33");
     script_cvs_date("Date: 2018/11/15 20:50:30");
    
     # One plugin covers both CVEs addressed by bulletin MS08-037.
     script_cve_id("CVE-2008-1447", "CVE-2008-1454");
     script_bugtraq_id(30131, 30132);
     script_xref(name:"CERT", value:"800113");
     script_xref(name:"MSFT", value:"MS08-037");
     # Two KB articles are referenced; the check body ties 951746 to dns.exe
     # and 951748 to dnsapi.dll.
     script_xref(name:"MSKB", value:"951746");
     script_xref(name:"MSKB", value:"951748");
     script_xref(name:"IAVA", value:"2008-A-0045");
    
     script_name(english:"MS08-037: Vulnerabilities in DNS Could Allow Spoofing (953230)");
     script_summary(english:"Determines the presence of update 953230");
    
     script_set_attribute(attribute:"synopsis", value:"The remote host is vulnerable to DNS spoofing attacks.");
     script_set_attribute(attribute:"description", value:
    "Flaws in the remote DNS library may let an attacker send malicious DNS
    responses to DNS requests made by the remote host, thereby spoofing or
    redirecting internet traffic from legitimate locations.");
     script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-037");
     # NOTE(review): the solution text names Windows 2000, XP and 2003 Server,
     # but the check body also tests dns.exe on os "6.0" SP1 and passes
     # vista:'1' to hotfix_check_sp_range(); the text looks incomplete.
     script_set_attribute(attribute:"solution", value:
    "Microsoft has released patches for Windows 2000, XP, and 2003
    Server.");
      # CVSS v2 base vector: network-reachable, medium complexity, no
      # authentication, partial confidentiality and integrity impact, no
      # availability impact.
      # NOTE(review): no cvss_score_source is set here, and this vector rates
      # lower than the CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C vector carried by
      # plugin 72834 for the same CVE pair, so severities reported by the two
      # plugins will not line up.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
     script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/08");
     script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08");
     script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/08");
    
     # "local": the check body compares file versions through the hotfix
     # helpers, which depend on the SMB KB items required below.
     script_set_attribute(attribute:"plugin_type", value:"local");
     script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
     script_set_attribute(attribute:"stig_severity", value:"I");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
    
     script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
     script_family(english:"Windows : Microsoft Bulletins");
    
     # Needs the results of the hotfix enumeration plugins, and either SMB
     # (139/445) or patch-management data for the host.
     script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
     script_require_keys("SMB/MS_Bulletin_Checks/Possible");
     script_require_ports(139, 445, 'Host/patch_management_checks');
     exit(0);
    }
    
    include("audit.inc");
    include("smb_func.inc");
    include("smb_hotfixes.inc");
    include("smb_hotfixes_fcheck.inc");
    include("misc_func.inc");
    
    # Check body: decide whether MS08-037 is missing by comparing the versions
    # of dns.exe and dnsapi.dll under \system32 with the fixed builds for each
    # OS and service pack.
    get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
    
    bulletin = 'MS08-037';
    # KB numbers as used in the comparisons below: 951748 goes with dnsapi.dll,
    # 951746 with dns.exe.
    dnsapi_kb = '951748';
    dnsexe_kb = '951746';
    
    kbs = make_list(dnsapi_kb, dnsexe_kb);
    # When patch-management data is available for the host, the bulletin is
    # evaluated from that data at warning severity.
    # NOTE(review): whether hotfix_check_3rd_party() returns or ends the script
    # is not visible here; confirm in smb_hotfixes.inc.
    if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);
    
    # Stop early unless the host runs one of the OS / service-pack
    # combinations listed here.
    if (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', win2003:'1,2', vista:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
    
    rootfile = hotfix_get_systemroot();
    if (!rootfile) exit(1, "Failed to get the system root.");
    
    # The file checks read from the share that holds the system root; without
    # access to it the plugin audits out instead of guessing.
    share = hotfix_path2share(path:rootfile);
    if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);
    
    # The host counts as a DNS server when the DNS service's DisplayName
    # registry value was collected into the KB. dns.exe is only checked in
    # that case; the dnsapi.dll checks run regardless.
    if ( get_kb_item("SMB/Registry/HKLM/SYSTEM/CurrentControlSet/Services/DNS/DisplayName") )
    	is_dns_svr = TRUE;
    else
    	is_dns_svr = FALSE;
    
    # One comparison per OS / service pack / file. For os "6.0" only dns.exe is
    # tested, and only on DNS servers; the second 6.0 line passes min_version
    # 6.0.6001.22000 (presumably to restrict it to the 22xxx build range;
    # confirm in smb_hotfixes_fcheck.inc). The first comparison that reports
    # the file as vulnerable decides the result.
    if (
      (is_dns_svr && hotfix_is_vulnerable(os:"6.0", sp:1, file:"dns.exe", version:"6.0.6001.18081", dir:"\system32", bulletin:bulletin, kb:dnsexe_kb)) ||
      (is_dns_svr && hotfix_is_vulnerable(os:"6.0", sp:1, file:"dns.exe", version:"6.0.6001.22192", min_version:"6.0.6001.22000", dir:"\system32", bulletin:bulletin, kb:dnsexe_kb)) ||
      hotfix_is_vulnerable(os:"5.2", sp:2, file:"dnsapi.dll", version:"5.2.3790.4318", dir:"\system32", bulletin:bulletin, kb:dnsapi_kb) ||
      (is_dns_svr && hotfix_is_vulnerable(os:"5.2", sp:2, file:"dns.exe", version:"5.2.3790.4318", dir:"\system32", bulletin:bulletin, kb:dnsexe_kb)) ||
      hotfix_is_vulnerable(os:"5.2", sp:1, file:"dnsapi.dll", version:"5.2.3790.3161", dir:"\system32", bulletin:bulletin, kb:dnsapi_kb) ||
      (is_dns_svr && hotfix_is_vulnerable(os:"5.2", sp:1, file:"dns.exe", version:"5.2.3790.3161", dir:"\system32", bulletin:bulletin, kb:dnsexe_kb)) ||
      hotfix_is_vulnerable(os:"5.1", sp:2, file:"dnsapi.dll", version:"5.1.2600.3394", dir:"\system32", bulletin:bulletin, kb:dnsapi_kb) ||
      hotfix_is_vulnerable(os:"5.1", sp:3, file:"dnsapi.dll", version:"5.1.2600.5625", dir:"\system32", bulletin:bulletin, kb:dnsapi_kb) ||
      hotfix_is_vulnerable(os:"5.0", file:"dnsapi.dll", version:"5.0.2195.7280", dir:"\system32", bulletin:bulletin, kb:dnsapi_kb) ||
      (is_dns_svr && hotfix_is_vulnerable(os:"5.0", file:"dns.exe", version:"5.0.2195.7162", dir:"\system32", bulletin:bulletin, kb:dnsexe_kb))
    )
    {
      # Record the missing bulletin in the KB under "SMB/Missing/MS08-037",
      # raise the finding at warning severity, then end the file-check session.
      set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
      hotfix_security_warning();
      hotfix_check_fversion_end();
      exit(0);
    }
    else
    {
      # No comparison flagged the host: end the file-check session and audit
      # the host as not affected.
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected');
    }
    

Oval

accepted: 2011-11-14T04:00:28.614-05:00
class: vulnerability
contributors:
  • name: Jeff Ito
    organization: Secure Elements, Inc.
  • name: Chandan S
    organization: SecPod Technologies
definition_extensions:
  • comment: Microsoft Windows 2000 SP4 or later is installed
    oval: oval:org.mitre.oval:def:229
  • comment: Microsoft Windows Server 2003 SP1 (x86) is installed
    oval: oval:org.mitre.oval:def:565
  • comment: Microsoft Windows Server 2003 (x64) is installed
    oval: oval:org.mitre.oval:def:730
  • comment: Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval: oval:org.mitre.oval:def:1205
  • comment: Microsoft Windows Server 2003 SP2 (x86) is installed
    oval: oval:org.mitre.oval:def:1935
  • comment: Microsoft Windows Server 2003 SP2 (x64) is installed
    oval: oval:org.mitre.oval:def:2161
  • comment: Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval: oval:org.mitre.oval:def:1442
  • comment: Microsoft Windows Server 2008 (32-bit) is installed
    oval: oval:org.mitre.oval:def:4870
  • comment: Microsoft Windows Server 2008 (64-bit) is installed
    oval: oval:org.mitre.oval:def:5356
description: Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
family: windows
id: oval:org.mitre.oval:def:5380
status: accepted
submitted: 2008-07-08T14:18:00
title: DNS Cache Poisoning Vulnerability
version: 72

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 30132 CVE(CAN) ID: CVE-2008-1454 Microsoft Windows是微软发布的非常流行的操作系统。 Windows系统的DNS服务实现上存在漏洞,在某些情况下Windows的DNS服务器可能接受远程服务器权威以外的响应。未经认证的远程攻击者可以向有漏洞系统的DNS请求回复恶意响应,从而使DNS缓存中毒,并将Internet通讯从合法位置重定向至其他位置。 Microsoft Windows Server 2008 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000 SP4 Microsoft --------- Microsoft已经为此发布了一个安全公告(MS08-037)以及相应补丁: MS08-037:Vulnerabilities in DNS Could Allow Spoofing (953230) 链接:http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx?pf=true
id: SSV:3583
last seen: 2017-11-19
modified: 2008-07-10
published: 2008-07-10
reporter: Root
title: Microsoft Windows DNS服务器缓存中毒漏洞(MS08-037)