MS03-009: Microsoft ISA Server DNS - Denial Of Service (331065)

Low Nessus Plugin ID 11433


It is possible to launch a denial of service attack against the remote DNS application filter.


A vulnerability in Microsoft ISA Server 2000 allows an attacker to cause a denial of service in DNS services by sending a specially crafted DNS request packet.

Note that, to be vulnerable, the ISA Server must be manually configured to publish an internal DNS server, which it does not do by default.


Microsoft has released a set of patches for ISA Server 2000.

See Also

Plugin Details

Severity: Low

ID: 11433

File Name: smb_nt_ms03-009.nasl

Version: $Revision: 1.37 $

Type: local

Agent: windows

Published: 2003/03/21

Modified: 2017/05/25

Dependencies: 13855, 57033

Risk Information

Risk Factor: Low


Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 3.7

Temporal Score: 3.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2003/03/19

Vulnerability Publication Date: 2003/03/19

Reference Information

CVE: CVE-2003-0011

BID: 7145

OSVDB: 14396

MSFT: MS03-009

MSKB: 331065