MS03-009: Microsoft ISA Server DNS - Denial Of Service (331065)

low Nessus Plugin ID 11433

Synopsis

It is possible to launch a denial of service attack against the remote DNS application filter.

Description

A vulnerability in Microsoft ISA Server 2000 allows an attacker to cause a denial of service in DNS services by sending a specially crafted DNS request packet.

Note that, to be vulnerable, the ISA Server must be manually configured to publish an internal DNS server, which it does not do by default.

Solution

Microsoft has released a set of patches for ISA Server 2000.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2003/ms03-009

Plugin Details

Severity: Low

ID: 11433

File Name: smb_nt_ms03-009.nasl

Version: 1.39

Type: local

Agent: windows

Published: 3/21/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 3/19/2003

Vulnerability Publication Date: 3/19/2003

Reference Information

CVE: CVE-2003-0011

BID: 7145

MSFT: MS03-009

MSKB: 331065