{"vuid":"VU#319331","idnumber":"319331","name":"Microsoft Windows DNS Server response validation vulnerability","keywords":["Microsoft","ms09-mar","Critical","Important","MS09-006","MS09-007","MS09-008","Windows Kernel","remote code execution","SChannel","spoofing","DNS server","WINS server"],"overview":"The Microsoft Windows DNS server contains a response validation vulnerability. If successfully exploited, this vulnerability may allow an attacker to poison the affected DNS server's cache.","clean_desc":"The Domain Name System (DNS) is responsible for translating host names to IP addresses (and vice versa) and is critical for the normal operation of internet-connected systems. Per Microsoft Security Bulletin MS09-008: A response validation vulnerability exists in Windows DNS Server. The vulnerability could allow an unauthenticated remote attacker to send specially crafted queries to a DNS server so as to allow greater predictability of transaction IDs used by the DNS server and thus to redirect Internet traffic from legitimate locations.","impact":"An attacker may be able to insert arbitrary values in the DNS cache. An attacker with the ability to conduct a successful attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control.","resolution":"Upgrade\nMicrosoft has released an update to address this issue. See http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx for more information.","workarounds":"","sysaffected":"","thanks":"Information from Microsoft Security Bulletin MS09-008 was used in this report. Microsoft credits Kevin Day and Dave Dagon for providing assistance with this issue.","author":"This document was written by Ryan Giobbi.","public":["http://www.microsoft.com/technet/security/Bulletin/MS09-mar.mspx","http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx"],"cveids":["CVE-2009-0234"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2009-03-10T16:52:41Z","publicdate":"2009-03-10T00:00:00Z","datefirstpublished":"2009-03-10T17:34:51Z","dateupdated":"2009-03-17T16:02:42Z","revision":21,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"5","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"20","cam_impact":"15","cam_easeofexploitation":"10","cam_attackeraccessrequired":"20","cam_scorecurrent":"10.125","cam_scorecurrentwidelyknown":"27","cam_scorecurrentwidelyknownexploited":"49.5","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"Not Defined (ND)","cvss_reportconfidence":"Not Defined (ND)","cvss_collateraldamagepotential":"Not Defined (ND)","cvss_targetdistribution":"Not Defined (ND)","cvss_securityrequirementscr":"Not Defined (ND)","cvss_securityrequirementsir":"Not Defined (ND)","cvss_securityrequirementsar":"Not Defined (ND)","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)","metric":10.125,"vulnote":null}