DNS: Microsoft DNS Server ANY Query Spoofing

This signature attempts to detect a spoofing vulnerability in the Windows DNS server. The vulnerability is due to a response validation flaw in the Windows DNS server, which does not correctly cache specially crafted DNS responses. Remote unauthenticated attackers could leverage this vulnerability by sending multiple specially crafted DNS queries of type "ANY" to the DNS server.

Extended Description

The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails to cache responses to specially crafted DNS queries. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

Affected Products

Avaya messaging_application_server, Microsoft windows_server_2003_standard_edition

References

BugTraq: 33988

CVE: CVE-2009-0234

Short Name
DNS:MS-ANY-QUERY-SPOOFING
Severity
Minor
Recommended
False
Recommended Action
None
Category
DNS
Keywords
ANY CVE-2009-0233 CVE-2009-0234 DNS Microsoft Query Server Spoofing bid:33988
Release Date
09/10/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3339
False Positive
Unknown
Vendors

Microsoft

Avaya

CVSS Score

5.8

6.4
