Vulnerability Description
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Server 2003 | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/27584PatchVendor Advisory
- http://securityreason.com/securityalert/3373
- http://www.kb.cert.org/vuls/id/484649US Government Resource
- http://www.scanit.be/advisory-2007-11-14.html
- http://www.securityfocus.com/archive/1/483635/100/0/threaded
- http://www.securityfocus.com/archive/1/483698/100/0/threaded
- http://www.securityfocus.com/archive/1/484186/100/0/threaded
- http://www.securityfocus.com/bid/25919ExploitPatch
- http://www.securitytracker.com/id?1018942
- http://www.trusteer.com/docs/windowsdns.html
- http://www.us-cert.gov/cas/techalerts/TA07-317A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2007/3848
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-06
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36805
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2007-3898?
CVE-2007-3898 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, ...
How severe is CVE-2007-3898?
CVE-2007-3898 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3898?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Server 2003.