This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
DNS:MS-ANY-QUERY-SPOOFING
|
Severity |
Minor
|
Recommended |
No
|
Category |
DNS
|
Keywords |
Microsoft DNS Server ANY Query Spoofing
|
Release Date |
2013/09/10
|
Update Number |
2298
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
DNS: Microsoft DNS Server ANY Query Spoofing
This signature attempts to detect a spoofing vulnerability in Windows DNS server. The vulnerability is due to a response validation flaw in the Windows DNS server which does not correctly cache specifically crafted DNS responses. Remote unauthenticated attackers could leverage this vulnerability by sending multiple specifically crafted DNS queries of type "ANY" to the DNS server.
Extended Description
The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails to cache responses to specially crafted DNS queries.
Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.
Affected Products
- Avaya messaging_application_server MM 1.1
- Avaya messaging_application_server MM 2.0
- Avaya messaging_application_server MM 3.0
- Avaya messaging_application_server MM 3.1
- Avaya messaging_application_server
- Microsoft windows_2000_server SP1
- Microsoft windows_2000_server SP2
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_server SP4
- Microsoft windows_2000_server
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_datacenter_edition_itanium SP1
- Microsoft windows_server_2003_datacenter_x64_edition SP2
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_x64_edition SP2
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_server_2003_itanium SP1
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_itanium
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_server_2003_standard_edition SP2
- Microsoft windows_server_2003_standard_edition
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_server_2003_terminal_services
- Microsoft windows_server_2003_web_edition SP1
- Microsoft windows_server_2003_web_edition SP2
- Microsoft windows_server_2003_web_edition
- Microsoft windows_server_2003_x64 SP1
- Microsoft windows_server_2003_x64 SP2
- Microsoft windows_server_2008_datacenter_edition
- Microsoft windows_server_2008_enterprise_edition
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_standard_edition
References