Vigil@nce: Windows, poisoning the DNS cache
July 2008 by Vigil@nce
SYNTHESIS
An attacker can send answers coming from a non-authoritative DNS
server in order to poison the cache of the Windows DNS Server.
Gravity: 3/4
Consequences: data creation/edition
Provenance: internet server
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 09/07/2008
Identifier: VIGILANCE-VUL-7938
IMPACTED PRODUCTS
– Microsoft Windows 2000 [confidential versions]
– Microsoft Windows 2003 [confidential versions]
– Microsoft Windows 2008
– Microsoft Windows XP [confidential versions]
DESCRIPTION
The Windows DNS Server can be configured to keep in its cache the
answers to recent queries.
When a DNS server sends records for which it is not authoritative,
that data has to be rejected. However, the Microsoft DNS server
keeps these malicious entries in its cache.
An attacker can therefore poison the DNS cache and redirect all
users querying the DNS server to a malicious site.
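As an added illustration (not part of the advisory, and not Microsoft's code): the bailiwick check a caching server should apply before storing records from an answer, shown with the vulnerable behaviour (store every record) beside the hardened one. The zone, record names and addresses are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Record:
    name: str   # owner name, e.g. "www.example.com."
    rtype: str  # "A", "NS", ...
    rdata: str  # address or target
    ttl: int = 300


def _norm(name: str) -> str:
    """Lower-case and force a single trailing dot (constructed helper)."""
    return name.lower().rstrip(".") + "."


def in_bailiwick(record_name: str, zone: str) -> bool:
    """True if record_name is the zone apex or lies below it."""
    r, z = _norm(record_name), _norm(zone)
    if z == ".":          # the root zone covers every name
        return True
    return r == z or r.endswith("." + z)


def cache_response(cache: dict, zone: str, records: list[Record],
                   enforce: bool) -> list[Record]:
    """Store records from an answer sent by the server for `zone`.

    With enforce=False the cache accepts any record it is sent (the
    behaviour the advisory describes); with enforce=True records outside
    the server's bailiwick are dropped. Returns the rejected records.
    """
    rejected: list[Record] = []
    for rec in records:
        if enforce and not in_bailiwick(rec.name, zone):
            rejected.append(rec)
            continue
        cache[(_norm(rec.name), rec.rtype)] = rec
    return rejected


def demo() -> tuple[dict, dict]:
    # Constructed answer: the example.com server replies for www.example.com
    # but adds an A record for a name it is not authoritative for.
    response = [
        Record("www.example.com.", "A", "192.0.2.10"),
        Record("login.victim.example.", "A", "192.0.2.66"),  # out of bailiwick
    ]
    vulnerable: dict = {}
    hardened: dict = {}
    cache_response(vulnerable, "example.com.", response, enforce=False)
    cache_response(hardened, "example.com.", response, enforce=True)
    return vulnerable, hardened
```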
CHARACTERISTICS
Identifiers: 953230, BID-30132, CVE-2008-1454, MS08-037,
VIGILANCE-VUL-7938