[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98503

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

DNS and WINS Server Spoofing Vulnerability - MS09-008

ID: oval:org.secpod.oval:def:2620Date: (C)2011-10-27   (M)2017-10-04
Class: PATCHFamily: windows




The host is missing impotant security update according to Microsoft security bulletin, MS09-008. The update is required to fix DNS and WINS server spoofing vulnerability. DNS Resolver Cache Service (aka DNSCache) when dynamic updates are enabled, does not reuse cached DNS responses and WINS server does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features. Successful exploitation could result in poisoning the caches and spoofing proxy server.

Platform:
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Reference:
MS09-008
CVE-2009-0093
CVE-2009-0094
CVE-2009-0233
CVE-2009-0234
CVE    4
CVE-2009-0094
CVE-2009-0093
CVE-2009-0234
CVE-2009-0233
...
CPE    8
cpe:/o:microsoft:windows_2003_server::sp1:x64
cpe:/o:microsoft:windows_server_2008
cpe:/o:microsoft:windows_2003_server::sp1:itanium
cpe:/o:microsoft:windows_2003_server::sp2:itanium
...
XCCDF    4
xccdf_com.secpod_benchmark_microsoft-windows-server-2008
xccdf_com.secpod_benchmark_microsoft-windows-server-2003
xccdf_com.secpod_benchmark_microsoft-windows-2000
xccdf_scaprepo.com_benchmark_microsoft-windows-server-2003
...

© 2013 SecPod Technologies