QwikSec

Security Database

CVE

CWE

Training

CVE-2009-0234

Published: Mar 11, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_CERT

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_CERT-VN

vdb-entry

x_refsource_OSVDB

oval:org.mitre.oval:def:5715

vdb-entry

signature

x_refsource_OVAL

http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_MS

vdb-entry

x_refsource_SECTRACK

http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.