CVE-2007-3898

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

Link	Resource
http://www.trusteer.com/docs/windowsdns.html
http://www.kb.cert.org/vuls/id/484649	US Government Resource
http://www.securityfocus.com/bid/25919	Exploit Patch
http://www.securitytracker.com/id?1018942
http://secunia.com/advisories/27584	Patch Vendor Advisory
http://www.scanit.be/advisory-2007-11-14.html
http://www.us-cert.gov/cas/techalerts/TA07-317A.html	US Government Resource
http://securityreason.com/securityalert/3373
http://www.vupen.com/english/advisories/2007/3848
https://exchange.xforce.ibmcloud.com/vulnerabilities/36805
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062
http://www.securityfocus.com/archive/1/484186/100/0/threaded
http://www.securityfocus.com/archive/1/483698/100/0/threaded
http://www.securityfocus.com/archive/1/483635/100/0/threaded

Configuration 1

cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2003_server:*:gold:std:*:*:*:*:* cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64-std:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp2:adv_srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_2003_server:*:sp1:std:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_2003_server:*:sp2:std:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp2:datacenter_srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp2:srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp1:srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp4:datacenter_srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp3:datacenter_srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:gold:srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp4:adv_srv:*:*:*:*:* cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*

---

Published : 2007-11-14 01:46

Updated : 2021-07-07 04:09

---

NVD link : CVE-2007-3898

Mitre link : CVE-2007-3898

No products.

CWE-16