Signature Detail

DNS: Microsoft DNS Server ANY Query Spoofing

This signature attempts to detect a spoofing vulnerability in Windows DNS server. The vulnerability is due to a response validation flaw in the Windows DNS server which does not correctly cache specifically crafted DNS responses. Remote unauthenticated attackers could leverage this vulnerability by sending multiple specifically crafted DNS queries of type "ANY" to the DNS server.

Extended Description

The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails to cache responses to specially crafted DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

Affected Products

• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server SP4
• Microsoft Windows 2000 Server
• Microsoft Windows Server 2003 Datacenter Edition SP1
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
• Microsoft Windows Server 2003 Datacenter x64 Edition SP2
• Microsoft Windows Server 2003 Datacenter x64 Edition
• Microsoft Windows Server 2003 Enterprise Edition SP1
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
• Microsoft Windows Server 2003 Enterprise x64 Edition SP2
• Microsoft Windows Server 2003 Enterprise x64 Edition
• Microsoft Windows Server 2003 Itanium SP1
• Microsoft Windows Server 2003 Itanium SP2
• Microsoft Windows Server 2003 Itanium
• Microsoft Windows Server 2003 Standard Edition SP1
• Microsoft Windows Server 2003 Standard Edition SP2
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Standard x64 Edition
• Microsoft Windows Server 2003 Terminal Services
• Microsoft Windows Server 2003 Web Edition SP1
• Microsoft Windows Server 2003 Web Edition SP2
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Server 2003 x64 SP1
• Microsoft Windows Server 2003 x64 SP2
• Microsoft Windows Server 2008 Datacenter Edition
• Microsoft Windows Server 2008 Enterprise Edition
• Microsoft Windows Server 2008 for 32-bit Systems
• Microsoft Windows Server 2008 for x64-based Systems
• Microsoft Windows Server 2008 Standard Edition

References

• BugTraq: 33988
• CVE: CVE-2009-0233
• CVE: CVE-2009-0234