CVE-2006-0988
published 2006-03-03CVE-2006-0988: The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows…
PriorityP343high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
54.79%
98.9th percentile
The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_2003_server | — | — |
| microsoft | windows_nt | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target DNS servers that allow recursive queries from arbitrary IP addresses — a key enabler of the amplification attack described in CVE-2006-0988. ↗
- →Scan for DNS servers exposing recursive name lookups, as used in amplification attacks against third parties. ↗
- ·Affected platforms include Windows Server 2003, Windows 2000 (DNS Server service default config), and Windows NT 4.0 (Microsoft DNS Server service) — all with recursive queries enabled by default. ↗
- ·The attack vector relies on spoofed source IP addresses in DNS queries to redirect amplified traffic at victims — standard source IP validation (BCP38) would mitigate abuse. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
bugzilla·2007-02-20·CVSS 7.5
CVE-2007-0906 [HIGH] CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
+++ This bug was initially created as a clone of Bug #228858 +++
Description of problem:
1. If unserializing untrusted data on 64-bit platforms the
zend_hash_init() function can be forced to enter an infinite loop,
consuming CPU resources, for a limited length of time, until the
script timeout alarm aborts the script (CVE-2007-0988)
2. If a script uses the imap_mail_compose() function to create a new MIME
message based on an input body from an untrusted source, an attacker may be able
to force a heap overflow (CVE-2006-0906)
3. If the format string could passed to one of the functions in the printf()
family could be controlled by an attacker via untrusted data, then an
out-of-b
Bugzilla
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
bugzilla·2007-02-16·CVSS 7.5
CVE-2007-0906 [HIGH] CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
+++ This bug was initially created as a clone of Bug #228858 +++
Description of problem:
1. If unserializing untrusted data on 64-bit platforms the
zend_hash_init() function can be forced to enter an infinite loop,
consuming CPU resources, for a limited length of time, until the
script timeout alarm aborts the script (CVE-NO-NAME)
2. If a script uses the imap_mail_compose() function to create a new MIME
message based on an input body from an untrusted source, an attacker may be able
to force a heap overflow (CVE-2006-0906)
3. If the format string could passed to one of the functions in the printf()
family could be controlled by an attacker via untrusted data, then an
out-of-bou
http://dns.measurement-factory.com/surveys/sum1.htmlhttp://www.securityfocus.com/archive/1/426368/100/0/threadedhttp://www.us-cert.gov/reading_room/DNS-recursion121605.pdfhttp://dns.measurement-factory.com/surveys/sum1.htmlhttp://www.securityfocus.com/archive/1/426368/100/0/threadedhttp://www.us-cert.gov/reading_room/DNS-recursion121605.pdf
2006-03-03
Published