Content
(MS08-037) Microsoft DNS Insufficient Socket Entropy Vulnerability (953230)
- Type
- Logic error
- Impact of exploitation
- Security Bypass
- User Interaction
- no user interaction is needed
- Attack Vector
- Malicious remote network traffic
- Rating
- High
- CVE reference
- CVE-2008-1447 ,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows 2000 SP4,
- Windows XP SP3,
- Windows 2003 SP2,
- IOS 12.4Xt,
- Bind 9.0,
- Summary
- A vulnerability in Windows DNS server and client may allow for spoofing attacks.
Tab Navigation
Description
Windows DNS server is a DNS server implementation for Microsoft operating systems. A vulnerability in Windows DNS server and client may allow for spoofing attacks. A remote, unauthenticated attacker could send specially crafted DNS responses to vulnerable systems. These malicious responses would let the attacker insert records into the DNS cache in the server and client and spoof Internet sites. Other vendor's DNS server and client implementations are also affected by this vulnerability. Please refer to your vendor's Web site to see if your systems are affected.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (953230): http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx Please refer to Cisco's advisory for patch information for Cisco products: http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml Please refer to the following advisories for a patch for BIND: http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc http://www.novell.com/support/viewContent.do?externalId=7000912&sliceId=1
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS08-037) Microsoft DNS Insufficient Socket Entropy Vulnerability (953230)
- Signature identifier:
- 5995
- Release date:
- 7/8/2008
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- DNS: Microsoft Generic TXID Spoofing Attack Vulnerability
- Signature identifier:
- 0x40303200
- Release date:
- 7/8/2008
- First released in:
- Sigset(s) 3.1.67, 4.1.30
Additional Resources
Microsoft Security Bulletin: Vulnerabilities in DNS Could Allow Spoofing (953230)
http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx
All Information
Timeline -
7/23/2008
Exploit code has been released.
7/23/2008
Exploit code has been released.
7/8/2008
Vendor has provided a patch.
Description -
Windows DNS server is a DNS server implementation for Microsoft operating systems. A vulnerability in Windows DNS server and client may allow for spoofing attacks. A remote, unauthenticated attacker could send specially crafted DNS responses to vulnerable systems. These malicious responses would let the attacker insert records into the DNS cache in the server and client and spoof Internet sites. Other vendor's DNS server and client implementations are also affected by this vulnerability. Please refer to your vendor's Web site to see if your systems are affected.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft (953230): http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx Please refer to Cisco's advisory for patch information for Cisco products: http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml Please refer to the following advisories for a patch for BIND: http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc http://www.novell.com/support/viewContent.do?externalId=7000912&sliceId=1
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS08-037) Microsoft DNS Insufficient Socket Entropy Vulnerability (953230)
- Signature identifier:
- 5995
- Release date:
- 7/8/2008
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- DNS: Microsoft Generic TXID Spoofing Attack Vulnerability
- Signature identifier:
- 0x40303200
- Release date:
- 7/8/2008
- First released in:
- Sigset(s) 3.1.67, 4.1.30
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerabilities in DNS Could Allow Spoofing (953230)
http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx
