Vulnerability CVE-2006-0988


Published: 2006-03-03   Modified: 2012-02-12

Description:
The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Microsoft -> Windows 2000 
Microsoft -> Windows 2003 server 
Microsoft -> Windows nt 

 References:
http://dns.measurement-factory.com/surveys/sum1.html
http://www.securityfocus.com/archive/1/426368/100/0/threaded
http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf

Copyright 2024, cxsecurity.com

 

Back to Top