Lucene search

K

PRIOn knowledge basePRION:CVE-2007-3898

HistoryNov 14, 2007 - 1:46 a.m.

Design/Logic Flaw

2007-11-1401:46:00

PRIOn knowledge base

www.prio-n.com

1

6.5 Medium

AI Score

Confidence

Low

0.963 High

EPSS

Percentile

99.6%

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

References

secunia.com/advisories/27584

securityreason.com/securityalert/3373

www.kb.cert.org/vuls/id/484649

www.scanit.be/advisory-2007-11-14.html

www.securityfocus.com/archive/1/483635/100/0/threaded

www.securityfocus.com/archive/1/483698/100/0/threaded

www.securityfocus.com/archive/1/484186/100/0/threaded

www.securityfocus.com/bid/25919

www.securitytracker.com/id?1018942

www.trusteer.com/docs/windowsdns.html

www.us-cert.gov/cas/techalerts/TA07-317A.html

www.vupen.com/english/advisories/2007/3848

docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062

exchange.xforce.ibmcloud.com/vulnerabilities/36805

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395

6.5 Medium

AI Score

Confidence

Low

0.963 High

EPSS

Percentile

99.6%

Related for PRION:CVE-2007-3898

checkpoint_advisories4 nessus2 cert1 securityvulns3 nvd3 cvelist3 seebug1 cve3 prion2