Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0087

Overview

Vulnerability Score 8.8 8.8
CVE Id CVE-2008-0087
Last Modified 07 Mar 2011 10:03:55
Published 08 Apr 2008 07:05:00
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0087

Summary

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server

  • Microsoft Windows Vista

  • Microsoft Windows-nt Vista

  • Microsoft Windows-nt Xp


References

CERT - TA08-099A

BID - 28553

VUPEN - ADV-2008-1144

MISC - http://www.trusteer.com/docs/windowsresolver.html

SECTRACK - 1019802

BUGTRAQ - 20080408 Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020)

MS - MS08-020

SECUNIA - 29696

HP - SSRT080048

HP - HPSBST02329


Last Updated: 27 May 2016 10:46:40