MS08-037: Vulnerabilities in DNS Could Allow Spoofing (951746) (uncredentialed check)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The DNS server running on the remote host is vulnerable to DNS spoofing
attacks.

Description :

According to its self-reported version number, the Microsoft DNS Server
running on the remote host contains issues in the DNS library that could
allow an attacker to send malicious DNS responses to DNS requests made
by the remote host thereby spoofing or redirecting internet traffic from
legitimate locations.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms08-037

Solution :

Microsoft has released patches for Windows 2000, 2003, and 2008
Server.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: DNS

Nessus Plugin ID: 72834 ()

Bugtraq ID: 30131
30132

CVE ID: CVE-2008-1447
CVE-2008-1454