National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2007-3898 Detail

Description

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

Source:  MITRE      Last Modified:  11/13/2007

Quick Info

CVE Dictionary Entry:
CVE-2007-3898
Original release date:
11/13/2007
Last revised:
09/28/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
6.4 MEDIUM
Vector:
(AV:N/AC:L/Au:N/C:N/I:P/A:P) (legend)
Impact Subscore:
4.9
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://securityreason.com/securityalert/3373 External Source SREASON 3373
http://www.kb.cert.org/vuls/id/484649 US Government Resource External Source CERT-VN VU#484649
http://www.microsoft.com/technet/security/bulletin/ms07-062.mspx Patch External Source MS MS07-062
http://www.scanit.be/advisory-2007-11-14.html External Source MISC http://www.scanit.be/advisory-2007-11-14.html
http://www.securityfocus.com/archive/1/archive/1/483635/100/0/threaded External Source BUGTRAQ 20071113 After 6 months - fix available for Microsoft DNS cache poisoning attack
http://www.securityfocus.com/archive/1/archive/1/483698/100/0/threaded External Source BUGTRAQ 20071114 Predictable DNS transaction IDs in Microsoft DNS Server
http://www.securityfocus.com/archive/1/archive/1/484186/100/0/threaded External Source HP HPSBST02291
http://www.securityfocus.com/bid/25919 Exploit; Patch External Source BID 25919
http://www.securitytracker.com/id?1018942 External Source SECTRACK 1018942
http://www.trusteer.com/docs/windowsdns.html External Source MISC http://www.trusteer.com/docs/windowsdns.html
http://www.us-cert.gov/cas/techalerts/TA07-317A.html US Government Resource External Source CERT TA07-317A
http://www.vupen.com/english/advisories/2007/3848 External Source VUPEN ADV-2007-3848
https://exchange.xforce.ibmcloud.com/vulnerabilities/36805 External Source XF win-dns-spoof-information-disclosure(36805)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395 External Source OVAL oval:org.mitre.oval:def:4395

References to Check Content

Identifier:
oval:org.mitre.oval:def:4395
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:4395

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:datacenter:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:enterprise:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:std:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64-datacenter:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64-enterprise:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64-std:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:datacenter:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:enterprise:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:std:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:datacenter:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:enterprise:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:std:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 4 change records found - show changes