Computer Security

Forum
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft Windows DNS server and DNS client DNS reply spoofing
updated since 14.11.2007
Published:09.07.2008
Source:MICROSOFT
SecurityVulns ID:8336
Type:remote
Level:6/10
Description:Weak pseudo-random generator is used to generate DNS request ID.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2008-1454
 CVE-2008-1447
 CVE-2008-0087
 CVE-2007-3898
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS08-037 – Important Vulnerabilities in DNS Could Allow Spoofing (953230) (09.07.2008)
 documentAmit Klein, Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020) (08.04.2008)
 documentMICROSOFT, Microsoft Security Bulletin MS08-020 – Important Vulnerability in DNS Client Could Allow Spoofing (945553) (08.04.2008)
 documentAlla Bezroutchko, [Full-disclosure] Predictable DNS transaction IDs in Microsoft DNS Server (14.11.2007)
 documentAmit Klein, After 6 months - fix available for Microsoft DNS cache poisoning attack (14.11.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-062 – Important Vulnerability in DNS Could Allow Spoofing (941672) (14.11.2007)
Files:program for DNS id spoofing
 Microsoft Security Bulletin MS07-062 – Important Vulnerability in DNS Could Allow Spoofing (941672)
 Microsoft Security Bulletin MS08-020 – Important Vulnerability in DNS Client Could Allow Spoofing (945553)
 Microsoft Security Bulletin MS08-037 – Important Vulnerabilities in DNS Could Allow Spoofing (953230)
Discuss:Read or add your comments to this news (0 comments)

Show Threads
Messages
 
Login:* (Register)
Password:*
(private) To:
(reply) Subject:*
Text:

Main Forum (Eng)

General security questions not appropriate for another forums. 		3proxy Forum (Eng)

All 3proxy question must be posted to this forum. 		Bugs, Vulnerabilities, PoCs and Exploits (Eng)

All vulnerability related questions, vulnerability digging and exploit creation. 		Windows programming and administration (Eng)

Administering Windows and application development. 		Unix programming and administation (Eng)

Administering Unix and application development. 		Test forum

Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)
 3proxy Forum (Rus)
 Bugs, Vulnerabilities, PoCs and Exploits (Rus)
 Windows programming and administration (Rus)
 Unix programming and administation (Rus)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Πειςθνγ@Mail.ru