CVE-2009-0233
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
El DNS Resolver Cache Service (también conocido como DNSCache) en Windows DNS Server en Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, y Server 2008, cuando las actualizaciones dinámicas están activadas, no rechaza las respuestas en caché en todas las situaciones aplicables, lo que facilita a atacantes remotos predecir los IDs de las transacción y envenenar la caché mediante el envío simultáneo peticiones y respuestas DNS envenenadas , también conocida como "vulnerabilidad DNS Server Query Validation ".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-01-20 CVE Reserved
- 2009-03-11 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx | X_refsource_confirm | |
| http://osvdb.org/52517 | Vdb Entry | |
| http://secunia.com/advisories/34217 | Third Party Advisory | |
| http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm | X_refsource_confirm | |
| http://www.securityfocus.com/bid/33982 | Vdb Entry | |
| http://www.securitytracker.com/id?1021831 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA09-069A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2009/0661 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6228 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-008 | 2019-02-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp1, itanium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | * | x64 |
Affected
| ||||||