ID CVE-2007-3898
Summary The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
References
Vulnerable Configurations
  • Microsoft windows 2000_gold
    cpe:2.3:o:microsoft:windows_2000:-:gold
  • cpe:2.3:o:microsoft:windows_2000:-:gold:adv_srv
    cpe:2.3:o:microsoft:windows_2000:-:gold:adv_srv
  • cpe:2.3:o:microsoft:windows_2000:-:gold:datacenter_srv
    cpe:2.3:o:microsoft:windows_2000:-:gold:datacenter_srv
  • cpe:2.3:o:microsoft:windows_2000:-:gold:srv
    cpe:2.3:o:microsoft:windows_2000:-:gold:srv
  • Microsoft windows 2000_sp1
    cpe:2.3:o:microsoft:windows_2000:-:sp1
  • cpe:2.3:o:microsoft:windows_2000:-:sp1:adv_srv
    cpe:2.3:o:microsoft:windows_2000:-:sp1:adv_srv
  • cpe:2.3:o:microsoft:windows_2000:-:sp1:datacenter_srv
    cpe:2.3:o:microsoft:windows_2000:-:sp1:datacenter_srv
  • cpe:2.3:o:microsoft:windows_2000:-:sp1:srv
    cpe:2.3:o:microsoft:windows_2000:-:sp1:srv
  • Microsoft windows 2000_sp2
    cpe:2.3:o:microsoft:windows_2000:-:sp2
  • cpe:2.3:o:microsoft:windows_2000:-:sp2:adv_srv
    cpe:2.3:o:microsoft:windows_2000:-:sp2:adv_srv
  • cpe:2.3:o:microsoft:windows_2000:-:sp2:datacenter_srv
    cpe:2.3:o:microsoft:windows_2000:-:sp2:datacenter_srv
  • cpe:2.3:o:microsoft:windows_2000:-:sp2:srv
    cpe:2.3:o:microsoft:windows_2000:-:sp2:srv
  • Microsoft windows 2000_sp3
    cpe:2.3:o:microsoft:windows_2000:-:sp3
  • cpe:2.3:o:microsoft:windows_2000:-:sp3:adv_srv
    cpe:2.3:o:microsoft:windows_2000:-:sp3:adv_srv
  • cpe:2.3:o:microsoft:windows_2000:-:sp3:datacenter_srv
    cpe:2.3:o:microsoft:windows_2000:-:sp3:datacenter_srv
  • cpe:2.3:o:microsoft:windows_2000:-:sp3:srv
    cpe:2.3:o:microsoft:windows_2000:-:sp3:srv
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • cpe:2.3:o:microsoft:windows_2000:-:sp4:adv_srv
    cpe:2.3:o:microsoft:windows_2000:-:sp4:adv_srv
  • cpe:2.3:o:microsoft:windows_2000:-:sp4:datacenter_srv
    cpe:2.3:o:microsoft:windows_2000:-:sp4:datacenter_srv
  • cpe:2.3:o:microsoft:windows_2000:-:sp4:srv
    cpe:2.3:o:microsoft:windows_2000:-:sp4:srv
  • Microsoft windows 2003_gold
    cpe:2.3:o:microsoft:windows_2003_server:-:gold
  • Microsoft windows 2003_gold datacenter
    cpe:2.3:o:microsoft:windows_2003_server:-:gold:datacenter
  • Microsoft windows 2003_gold enterprise
    cpe:2.3:o:microsoft:windows_2003_server:-:gold:enterprise
  • Microsoft Windows 2003 gold itanium
    cpe:2.3:o:microsoft:windows_2003_server:-:gold:itanium
  • cpe:2.3:o:microsoft:windows_2003_server:-:gold:std
    cpe:2.3:o:microsoft:windows_2003_server:-:gold:std
  • Microsoft Windows 2003 Server Gold x64 (64-bit)
    cpe:2.3:o:microsoft:windows_2003_server:-:gold:x64
  • Microsoft Windows 2003 Server Gold x64 (64-bit) Datacenter Edition
    cpe:2.3:o:microsoft:windows_2003_server:-:gold:x64-datacenter
  • Microsoft Windows 2003 Server Gold x64 (64-bit) Enterprise Edition
    cpe:2.3:o:microsoft:windows_2003_server:-:gold:x64-enterprise
  • cpe:2.3:o:microsoft:windows_2003_server:-:gold:x64-std
    cpe:2.3:o:microsoft:windows_2003_server:-:gold:x64-std
  • Microsoft Windows 2003 Server Service Pack 1
    cpe:2.3:o:microsoft:windows_2003_server:-:sp1
  • Microsoft windows 2003_sp1 datacenter
    cpe:2.3:o:microsoft:windows_2003_server:-:sp1:datacenter
  • Microsoft windows 2003_sp1 enterprise
    cpe:2.3:o:microsoft:windows_2003_server:-:sp1:enterprise
  • cpe:2.3:o:microsoft:windows_2003_server:-:sp1:std
    cpe:2.3:o:microsoft:windows_2003_server:-:sp1:std
  • Microsoft Windows 2003 Server Service Pack 2
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2
  • Microsoft windows 2003_sp2 datacenter
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:datacenter
  • Microsoft windows 2003_sp2 enterprise
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:enterprise
  • Microsoft Windows 2003 Server Service Pack 2 Itanium
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:itanium
  • cpe:2.3:o:microsoft:windows_2003_server:-:sp2:std
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:std
  • Microsoft Windows 2003 Server Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64
CVSS
Base: 6.4 (as of 14-11-2007 - 21:30)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity PARTIAL
  • Availability PARTIAL
exploit-db via4
  • description Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1). CVE-2007-3898. Remote exploit for windows platform
    id EDB-ID:30635
    last seen 2016-02-03
    modified 2007-11-13
    published 2007-11-13
    reporter Alla Berzroutchko
    source https://www.exploit-db.com/download/30635/
    title Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability 1
  • description Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2). CVE-2007-3898. Remote exploit for windows platform
    id EDB-ID:30636
    last seen 2016-02-03
    modified 2007-11-13
    published 2007-11-13
    reporter Alla Berzroutchko
    source https://www.exploit-db.com/download/30636/
    title Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability 2
nessus via4
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS07-062.NASL
    description The remote host has the Windows DNS server installed. There is a flaw in the remote version of this server that could allow an attacker to spoof DNS responses. By exploiting this flaw, an attacker may be able to redirect legitimate traffic from other systems that could allow him to construct more complex attacks.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 28184
    published 2007-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28184
    title MS07-062: Vulnerability in DNS Could Allow Spoofing (941672)
  • NASL family DNS
    NASL id MS_DNS_KB941672.NASL
    description According to its self-reported version number, the Microsoft DNS Server running on the remote host contains an issue with the entropy of transaction IDs that could allow an attacker to spoof DNS responses. By exploiting this issue, an attacker may be able to redirect legitimate traffic from other systems that could allow him to construct more complex attacks.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 72833
    published 2014-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72833
    title MS07-062: Vulnerability in DNS Could Allow Spoofing (941672) (uncredentialed check)
oval via4
accepted 2011-05-09T04:01:33.416-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Jeff Cheng
    organization Hewlett-Packard
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
description The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
family windows
id oval:org.mitre.oval:def:4395
status accepted
submitted 2007-11-16T05:29:38
title Vulnerability in DNS Could Allow Spoofing
version 68
refmap via4
bid 25919
bugtraq
  • 20071113 After 6 months - fix available for Microsoft DNS cache poisoning attack
  • 20071114 Predictable DNS transaction IDs in Microsoft DNS Server
cert TA07-317A
cert-vn VU#484649
hp
  • HPSBST02291
  • SSRT071498
misc
ms MS07-062
sectrack 1018942
secunia 27584
sreason 3373
vupen ADV-2007-3848
xf win-dns-spoof-information-disclosure(36805)
Last major update 07-03-2011 - 21:57
Published 13-11-2007 - 20:46
Last modified 15-10-2018 - 17:32