ID CVE-2009-0094
Summary The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
References
Vulnerable Configurations
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft Windows Server 2003
    cpe:2.3:o:microsoft:windows_server_2003
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
    cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium
  • Microsoft Windows Server 2003 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2003:-:sp2
  • Microsoft Windows Server 2008
    cpe:2.3:o:microsoft:windows_server_2008
  • cpe:2.3:o:microsoft:windows_server_2008:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:-:x64
CVSS
Base: 5.5 (as of 11-03-2009 - 10:54)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication SINGLE_INSTANCE
Impact
  • Confidentiality NONE
  • Integrity PARTIAL
  • Availability PARTIAL
msbulletin via4
bulletin_id MS09-008
bulletin_url
date 2009-03-10T00:00:00
impact Spoofing
knowledgebase_id 962238
knowledgebase_url
severity Important
title Vulnerabilities in DNS and WINS Server Could Allow Spoofing
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS09-008.NASL
description The remote host has a Windows DNS server and/or a Windows WINS server installed. Multiple vulnerabilities in the way that Windows DNS servers cache and validate queries as well as the way that Windows DNS servers and Windows WINS servers handle WPAD and ISATAP registration may allow remote attackers to redirect network traffic intended for systems on the Internet to the attacker's own systems.
last seen 2019-02-21
modified 2018-11-15
plugin id 35824
published 2009-03-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=35824
title MS09-008: Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
oval via4
accepted 2011-11-14T04:00:57.877-05:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Chandan S
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP1 (x64) is installed
    oval oval:org.mitre.oval:def:4386
  • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
    oval oval:org.mitre.oval:def:1205
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
description The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
family windows
id oval:org.mitre.oval:def:6117
status accepted
submitted 2009-03-10T16:00:00
title WPAD WINS Server Registration Vulnerability
version 68
refmap via4
bid 34013
cert TA09-069A
confirm
ms MS09-008
osvdb 52520
sectrack 1021829
secunia 34217
vupen ADV-2009-0661
Last major update 21-08-2010 - 01:29
Published 11-03-2009 - 10:19
Last modified 26-02-2019 - 09:04