| Check Point Reference: |
CPAI-2008-092 |
| Date Published: |
8 Jul 2008 |
| Severity: |
High
|
| Last Updated: |
Wednesday 22 October, 2008 |
| Source: |
Microsoft Security Bulletin MS08-037 |
| Industry Reference: | CVE-2008-1447
US-CERT VU#800113
CVE-2008-3905
CVE-2008-4100 |
| Protection Provided by: |
|
| Who is Vulnerable? | Internet Systems Consortium (ISC) BIND versions prior to 9.5.1
Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP SP3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows XP Professional x64 Edition SP3
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium) |
| Vulnerability Description |
A Spoofing vulnerability has been reported in major DNS implementations, including Microsoft Windows DNS service and Berkeley Internet Name Domain (BIND). DNS Spoofing allows an attacker to change a DNS entry so it would point to an IP of his own choice. This vulnerability could allow an attacker to spoof responses and insert records into the DNS server or client cache, thereby spoofing or redirecting Internet traffic from legitimate locations. |
| Update/Patch Avaliable | Apply patches:
Microsoft Security Bulletin MS08-037 |
| Vulnerability Details | The vulnerability is due to the lack of enough entropy when performing DNS queries, which allows remote attackers to spoof DNS replies. A remote attacker that gained information about a target DNS can exploit this issue to send malicious queries/responses to DNS requests. Successful exploitation could allow the attacker to insert arbitrary addresses into the DNS cache, redirecting Internet traffic from legitimate locations to an address of his choice. |
Feedback