1. CVE-Search
  2. CVE-2007-3898
ID CVE-2007-3898
Summary The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:datacenter_srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:datacenter_srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64-std:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64-std:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:adv_srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:adv_srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:std:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:std:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:datacenter_srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:datacenter_srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp2:srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp2:srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp1:srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp1:srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:datacenter_srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:datacenter_srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:gold:srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:gold:srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:adv_srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:adv_srv:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:gold:std:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:gold:std:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:sp1:std:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:sp1:std:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:*
CVSS
Base: 6.4 (as of 07-07-2021 - 16:09)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:P
oval via4
accepted 2011-05-09T04:01:33.416-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Jeff Cheng
    organization Hewlett-Packard
  • name Jeff Cheng
    organization Hewlett-Packard
  • name Jeff Cheng
    organization Hewlett-Packard
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
description The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
family windows
id oval:org.mitre.oval:def:4395
status accepted
submitted 2007-11-16T05:29:38
title Vulnerability in DNS Could Allow Spoofing
version 74
refmap via4
bid 25919
bugtraq
  • 20071113 After 6 months - fix available for Microsoft DNS cache poisoning attack
  • 20071114 Predictable DNS transaction IDs in Microsoft DNS Server
cert TA07-317A
cert-vn VU#484649
hp
  • HPSBST02291
  • SSRT071498
misc
sectrack 1018942
secunia 27584
sreason 3373
vupen ADV-2007-3848
xf win-dns-spoof-information-disclosure(36805)
Last major update 07-07-2021 - 16:09
Published 14-11-2007 - 01:46
Last modified 07-07-2021 - 16:09
Back to Top