Vulnerability CVE-2010-1689


Published: 2010-05-07   Modified: 2012-02-13

Description:
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.

Type:

CWE-310

(Cryptographic Issues)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Microsoft -> Exchange server 
Microsoft -> Windows 2000 
Microsoft -> Windows 2003 server 
Microsoft -> Windows server 2003 
Microsoft -> Windows server 2008 
Microsoft -> Windows xp 

 References:
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html
http://securitytracker.com/id?1023939
http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs
http://www.securityfocus.com/bid/39908

Copyright 2024, cxsecurity.com

 

Back to Top