The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Microsoft
  • Windows 2000
  • Windows 2003 Server
  • Windows Server 2003

Configuration 1 [-]

OR cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:gold:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp1:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp2:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:adv_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:datacenter_srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:srv:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:std:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64-std:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp1:std:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:std:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

No data.

References
Link Providers
http://secunia.com/advisories/27584 cve-icon cve-icon
http://securityreason.com/securityalert/3373 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/484649 cve-icon cve-icon
http://www.scanit.be/advisory-2007-11-14.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/483635/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/483698/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/484186/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/25919 cve-icon cve-icon
http://www.securitytracker.com/id?1018942 cve-icon cve-icon
http://www.trusteer.com/docs/windowsdns.html cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA07-317A.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/3848 cve-icon cve-icon
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/36805 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2024-08-07T14:37:05.242Z

Reserved: 2007-07-19T00:00:00

Link: CVE-2007-3898

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-11-14T01:46:00.000

Modified: 2024-11-21T00:34:19.723

Link: CVE-2007-3898

cve-icon Redhat

No data.