CVE-2006-0988 — Microsoft Windows 2003 Server vulnerability

6 documents4 sources

Severity

7.8HIGHNVD

EPSS

67.1%

top 1.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedMar 3

Latest updateMay 1

Description

The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_serverr2

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: www.us-cert.gov ↗Patch: www.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-7mvp-fp42-r9rr: The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4↗2022-05-01

▶

CVEList

CVE-2006-0988: The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4↗2006-03-03

▶

💬Community

Bugzilla

CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)↗2007-02-20

▶

Bugzilla

CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)↗2007-02-16

▶