|
Microsoft Windows DNS-service cache-forgiftning
|
|
|
|
|
Secunia Advisory:
|
SA27584
|
|
|
Udsendt:
|
2007-11-13
|
|
Sidste Opdt.:
|
2007-11-14
|
|
|
Kritisk:
|
Moderat kritisk
|
|
Betydning:
|
Forfalskning
|
|
Hvor:
|
Fra Internet
|
|
Løsning Status:
|
Producent Patch
|
|
| OS: | Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
|
|
| | CVE reference: | CVE-2007-3898 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Beskrivelse:
Der er rapporteret en sårbarhed i Microsoft Windows, som kan udnyttes af ondsindede personer til at forgifte DNS-cachen.
Sårbarheden skyldes, at DNS-servicen (dns.exe) benytter forudsigelige transaktionsværdier ved udsending af forespørgsler til upstream DNS-servere. Dette kan udnyttes til at forgifte DNS-cachen via en specielt udformet besvarelse med en gættet transaktionsværdi, når DNS-servicen udfører et rekursivt opslag.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Løsning:
Installér patches.
Microsoft Windows 2000 Server SP4:
http://www.microsoft.com/downloads/de...=c80fcd9b-d0f8-44db-96fc-bf2ead054ff4
Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=ed8e2cb4-bcd9-40fc-9ad6-46b364d0656d
Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=d1323e14-ffa7-4d03-a2a7-9240c192a75e
Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/de...=f3ad67de-85ad-452d-a1e0-0af3faf969d6
Rapporteret af / Kredit:
Producenten krediterer:
* Amit Klein, Trusteer.
* Alla Berzroutchko, Scanit.
Forløb:
14-11-2007: Tilføjede links til US-CERT og Scanit.
Original Advisory:
MS07-062 (KB941672):
http://www.microsoft.com/technet/security/Bulletin/MS07-062.mspx
Scanit:
http://www.scanit.be/advisory-2007-11-14.html
Andre Kilder:
US-CERT VU#484649:
http://www.kb.cert.org/vuls/id/484649
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
219 Relaterede Secunia Advisories, displaying 10
|
|
|
1. Microsoft Windows LSASS rettighedseskalering
|
|
2. Microsoft Windows TCP/IP-implementation sårbarheder
|
|
3. Microsoft Windows Message Queuing Service buffer overflow
|
|
4. Windows Media Format Runtime ASF-fortolkningssårbarhed
|
|
5. Microsoft DirectX SAMI/WAV/AVI fil-fortolkning sårbarheder
|
|
6. Microsoft "Web Proxy Auto-Discovery" feature sikkerhedsproblem
|
|
7. Macrovision SafeDisc secdrv.sys rettighedseskalering
|
|
8. Windows 2000 RPC-godkendelse afsløring af information
|
|
9. Microsoft Windows RPC-godkendelse Denial of Service
|
|
10. Microsoft Windows NNTP besvarelses-håndtering buffer overflow
|
Vis alle relaterede advisories
|
|
|
Send Feedback to Secunia
|
|
Hvis du har ny information angående dette Secunia advisory eller et produkt i vores database, så send det venligst til os. Du kan sende det til os enten ved at bruge vores web formular eller ved at sende det til vuln@secunia.com.
Ideer, foreslag og andet feedback er også meget velkommen.
|
|
|
|
