CVE-2007-3898

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.trusteer.com/docs/windowsdns.html
http://www.kb.cert.org/vuls/id/484649	US Government Resource
http://www.securityfocus.com/bid/25919	Exploit Patch
http://www.securitytracker.com/id?1018942
http://secunia.com/advisories/27584	Patch Vendor Advisory
http://www.scanit.be/advisory-2007-11-14.html
http://www.us-cert.gov/cas/techalerts/TA07-317A.html	US Government Resource
http://securityreason.com/securityalert/3373
http://www.vupen.com/english/advisories/2007/3848
https://exchange.xforce.ibmcloud.com/vulnerabilities/36805
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062
http://www.securityfocus.com/archive/1/484186/100/0/threaded
http://www.securityfocus.com/archive/1/483698/100/0/threaded
http://www.securityfocus.com/archive/1/483635/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000::sp1::::::*
	cpe:2.3:o:microsoft:windows_2000::sp1:adv_srv:::::
	cpe:2.3:o:microsoft:windows_2000::sp3::::::*
	cpe:2.3:o:microsoft:windows_2000::sp3:adv_srv:::::
	cpe:2.3:o:microsoft:windows_2000::sp3:datacenter_srv:::::
	cpe:2.3:o:microsoft:windows_server_2003::-::::::*
	cpe:2.3:o:microsoft:windows_server_2003::-::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp1::::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp1::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_2000::gold::::::*
	cpe:2.3:o:microsoft:windows_2003_server::gold::::::*
	cpe:2.3:o:microsoft:windows_2000::sp4:srv:::::
	cpe:2.3:o:microsoft:windows_2000::gold:datacenter_srv:::::
	cpe:2.3:o:microsoft:windows_2000::sp1:datacenter_srv:::::
	cpe:2.3:o:microsoft:windows_2003_server::gold:x64-std:::::
	cpe:2.3:o:microsoft:windows_2000::sp2:adv_srv:::::
	cpe:2.3:o:microsoft:windows_2003_server::sp2:std:::::
	cpe:2.3:o:microsoft:windows_2000::sp2::::::*
	cpe:2.3:o:microsoft:windows_2000::sp2:datacenter_srv:::::
	cpe:2.3:o:microsoft:windows_2000::sp2:srv:::::
	cpe:2.3:o:microsoft:windows_2000::gold:adv_srv:::::
	cpe:2.3:o:microsoft:windows_2000::sp1:srv:::::
	cpe:2.3:o:microsoft:windows_2000::sp4:datacenter_srv:::::
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::gold:x64:::::
	cpe:2.3:o:microsoft:windows_2000::gold:srv:::::
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
	cpe:2.3:o:microsoft:windows_2000::sp4:adv_srv:::::
	cpe:2.3:o:microsoft:windows_server_2003::-::::::*
	cpe:2.3:o:microsoft:windows_server_2003::-::::::*
	cpe:2.3:o:microsoft:windows_2003_server::gold:std:::::
	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp1:std:::::
	cpe:2.3:o:microsoft:windows_server_2003::sp1::::::*
	cpe:2.3:o:microsoft:windows_2003_server::gold:itanium:::::
	cpe:2.3:o:microsoft:windows_2000::sp3:srv:::::

Information

Published : 2007-11-13 17:46

Updated : 2021-07-07 09:09

NVD link : CVE-2007-3898

Mitre link : CVE-2007-3898

JSON object : View

CWE

CWE-16

Configuration

Products Affected

microsoft

windows_server_2003
windows_2003_server
windows_2000

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.trusteer.com/docs/windowsdns.html", "name": "http://www.trusteer.com/docs/windowsdns.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/484649", "name": "VU#484649", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/25919", "name": "25919", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1018942", "name": "1018942", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/27584", "name": "27584", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.scanit.be/advisory-2007-11-14.html", "name": "http://www.scanit.be/advisory-2007-11-14.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-317A.html", "name": "TA07-317A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://securityreason.com/securityalert/3373", "name": "3373", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2007/3848", "name": "ADV-2007-3848", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36805", "name": "win-dns-spoof-information-disclosure(36805)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395", "name": "oval:org.mitre.oval:def:4395", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062", "name": "MS07-062", "tags": [], "refsource": "MS"}, {"url": "http://www.securityfocus.com/archive/1/484186/100/0/threaded", "name": "HPSBST02291", "tags": [], "refsource": "HP"}, {"url": "http://www.securityfocus.com/archive/1/483698/100/0/threaded", "name": "20071114 Predictable DNS transaction IDs in Microsoft DNS Server", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/483635/100/0/threaded", "name": "20071113 After 6 months - fix available for Microsoft DNS cache poisoning attack", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-16"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3898", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-11-14T01:46Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp3:datacenter_srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64-std:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:adv_srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:std:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:datacenter_srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:datacenter_srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:gold:srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:adv_srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:gold:std:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:std:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-07-07T16:09Z"}

6.4 /10