Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to poison a DNS cache and conduct spoofing attacks.
94dba437275f8ec4863e378f854dbc224c1c18925c5edbd0417c72670a28de0d----------------------------------------------------------------------
Did you know? Our assessment and impact rating along with detailed
information such as exploit code availability, or if an updated patch
is released by the vendor, is not part of this mailing-list?
Click here to learn more about our commercial solutions:
http://secunia.com/advisories/business_solutions/
Click here to trial our solutions:
http://secunia.com/advisories/try_vi/
----------------------------------------------------------------------
TITLE:
Microsoft Windows DNS / WINS Multiple Spoofing Vulnerabilities
SECUNIA ADVISORY ID:
SA34217
VERIFY ADVISORY:
http://secunia.com/advisories/34217/
DESCRIPTION:
Some vulnerabilities have been reported in Microsoft Windows, which
can be exploited by malicious people to poison a DNS cache and
conduct spoofing attacks.
1) An error in the Windows DNS server may cause it to not properly
reuse cached responses. This can be exploited via specially crafted
DNS queries to poison the DNS cache and thus redirect network
traffic.
2) An error in the Windows DNS server may cause it to not properly
cache DNS responses. This may increase the predictability of
subsequent transaction IDs and can be exploited to poison the DNS
cache via specifically crafted queries sent to the DNS server.
3) The Windows DNS server does not properly validate who can register
WPAD entries when dynamic update is used and ISATAP and WPAD are not
already registered in DNS. This can be exploited to conduct MitM
(Man-in-the-Middle) attacks by registering "WPAD" in the DNS database
pointing to a desired IP address.
4) The Windows WINS server does not properly validate who can
register WPAD or ISATAP entries. This can be exploited to conduct
MitM (Man-in-the-Middle) attacks by registering WPAD or ISATP in the
WINS database pointing to a desired IP address.
Vulnerabilities #3 and #4 may be related to:
SA27901
SOLUTION:
Apply Patches.
DNS server on Microsoft Windows 2000 Server SP4 (961063):
http://www.microsoft.com/downloads/details.aspx?familyid=110354f7-5ece-4c4d-b563-3adba6ac0116
WINS server on Microsoft Windows 2000 Server SP4 (961064):
http://www.microsoft.com/downloads/details.aspx?familyid=4319abb3-1ea2-466a-a815-c0b3b86b4462
DNS server on Windows Server 2003 SP1 and SP2 (961063):
http://www.microsoft.com/downloads/details.aspx?familyid=6cc42c9e-c34e-4577-8b23-9e07e2369878
WINS server on Windows Server 2003 SP1 and SP2 (961064):
http://www.microsoft.com/downloads/details.aspx?familyid=049e5db5-7315-4188-99fd-4a54833e6bf2
DNS server on Windows Server 2003 x64 Edition and SP2 (961063):
http://www.microsoft.com/downloads/details.aspx?familyid=b1f81fd2-0099-4450-8543-0459561d22d0
WINS server on Windows Server 2003 x64 Edition and SP2 (961064):
http://www.microsoft.com/downloads/details.aspx?familyid=4a393c63-eff5-4c8c-9c3f-33ce45c32428
DNS server on Windows Server 2003 with SP1 and SP2 for Itanium-based
Systems (961063):
http://www.microsoft.com/downloads/details.aspx?familyid=d3ed7d9a-d652-4bd0-aecc-5a415bec6c59
WINS server on Windows Server 2003 with SP1 and SP2 for Itanium-based
Systems (961064):
http://www.microsoft.com/downloads/details.aspx?familyid=37e3a75e-0a5d-4df0-881f-cdb87efa4dcf
DNS server on Windows Server 2008 for 32-bit Systems (961063):
http://www.microsoft.com/downloads/details.aspx?familyid=92e89882-d656-4b61-a05c-3afb44895f08
DNS server on Windows Server 2008 for x64-based Systems (961063):
http://www.microsoft.com/downloads/details.aspx?familyid=be068d06-5939-4ad8-8191-e85931ed610f
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
MS09-008 (KB962238, KB961063, KB961064):
http://www.microsoft.com/technet/security/Bulletin/MS09-008.mspx
OTHER REFERENCES:
SA27901:
http://secunia.com/advisories/27901/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed