Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0988

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2006-0988
Last Modified 05 Sep 2008 05:00:43
Published 03 Mar 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0988

Summary

The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows Nt 4.0


References

MISC - http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf

BUGTRAQ - 20060228 recursive DNS servers DDoS as a growing DDoS problem

MISC - http://dns.measurement-factory.com/surveys/sum1.html


Last Updated: 27 May 2016 10:41:52