Test Kennung:	1.3.6.1.4.1.25623.1.0.900088
Kategorie:	Windows : Microsoft Bulletins
Titel:	Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS09-008.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-008. Vulnerability Insight: - Error in the Windows DNS server may cause it to not properly reuse cached responses. - Error in the Windows DNS server may cause it to not properly cache responses to specifically crafted DNS queries. - Failure in access validation to restrict access when defining WPAD and ISATAP entries. Vulnerability Impact: Successful exploitation could allow attacker to execute specially crafted DNS queries to poison the DNS cache and can redirect traffic by registering WPAD or ISATP in the WINS database pointing to any desired IP address. Affected Software/OS: - Microsoft Windows 2K Server Service Pack 4 and prior - Microsoft Windows 2003 Server Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Querverweis:	BugTraq ID: 33982 BugTraq ID: 33988 BugTraq ID: 33989 BugTraq ID: 34013 Common Vulnerability Exposure (CVE) ID: CVE-2009-0233 http://www.securityfocus.com/bid/33982 Cert/CC Advisory: TA09-069A http://www.us-cert.gov/cas/techalerts/TA09-069A.html Microsoft Security Bulletin: MS09-008 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-008 http://osvdb.org/52517 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6228 http://www.securitytracker.com/id?1021831 http://secunia.com/advisories/34217 http://www.vupen.com/english/advisories/2009/0661 Common Vulnerability Exposure (CVE) ID: CVE-2009-0234 http://www.securityfocus.com/bid/33988 CERT/CC vulnerability note: VU#319331 http://www.kb.cert.org/vuls/id/319331 http://osvdb.org/52518 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5715 Common Vulnerability Exposure (CVE) ID: CVE-2009-0093 http://www.securityfocus.com/bid/33989 http://blog.ncircle.com/blogs/vert/archives/2009/03/successful_exploit_renders_mic.html http://osvdb.org/52519 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6138 http://www.securitytracker.com/id?1021830 Common Vulnerability Exposure (CVE) ID: CVE-2009-0094 http://www.securityfocus.com/bid/34013 http://osvdb.org/52520 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6117 http://www.securitytracker.com/id?1021829
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.