The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=120845064910729&w=2 | Mailing List Third Party Advisory |
http://secunia.com/advisories/29696 | Broken Link Third Party Advisory |
http://www.securityfocus.com/archive/1/490575/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/28553 | Broken Link Patch Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1019802 | Broken Link Third Party Advisory VDB Entry |
http://www.trusteer.com/docs/windowsresolver.html | Broken Link |
http://www.us-cert.gov/cas/techalerts/TA08-099A.html | Broken Link Third Party Advisory US Government Resource |
http://www.vupen.com/english/advisories/2008/1144/references | Broken Link |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-020 | Patch Vendor Advisory |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5314 | Broken Link Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Feb 2024, 16:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:itanium:* cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:itanium:* cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* |
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:* cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:* |
First Time |
Microsoft windows Xp
Microsoft windows Server 2003 |
|
CWE | CWE-330 | |
References | (MS) https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-020 - Patch, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/28553 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/490575/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5314 - Broken Link, Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1019802 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/29696 - Broken Link, Third Party Advisory | |
References | (CERT) http://www.us-cert.gov/cas/techalerts/TA08-099A.html - Broken Link, Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : 8.8
v3 : 7.5 |
Information
Published : 2008-04-08 23:05
Updated : 2024-02-28 11:21
NVD link : CVE-2008-0087
Mitre link : CVE-2008-0087
CVE.ORG link : CVE-2008-0087
JSON object : View
Products Affected
microsoft
- windows_xp
- windows_server_2003
- windows_2000
- windows_vista
CWE
CWE-330
Use of Insufficiently Random Values