CVE-2009-0094 - The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registra

CVE-2009-0094

Summary

The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692. Per: http://www.microsoft.com/technet/security/Bulletin/MS09-008.mspx Mitigating Factors for WPAD WINS Server Registration Vulnerability - CVE-2009-0094 Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation. If WINS server already has WPAD and ISATAP registered than an attacker will not be able to register these as well.

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*

CVSS

Base:	5.5 (as of 26-02-2019 - 14:04)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:P

msbulletin via4

bulletin_id	MS09-008
bulletin_url
date	2009-03-10T00:00:00
impact	Spoofing
knowledgebase_id	962238
knowledgebase_url
severity	Important
title	Vulnerabilities in DNS and WINS Server Could Allow Spoofing

oval via4

accepted

2011-11-14T04:00:57.877-05:00

class

vulnerability

contributors

name Dragos Prisaca
organization Gideon Technologies, Inc.
name Chandan S
organization SecPod Technologies

definition_extensions

comment Microsoft Windows 2000 SP4 or later is installed
oval oval:org.mitre.oval:def:229
comment Microsoft Windows Server 2003 SP1 (x86) is installed
oval oval:org.mitre.oval:def:565
comment Microsoft Windows Server 2003 SP1 (x64) is installed
oval oval:org.mitre.oval:def:4386
comment Microsoft Windows Server 2003 SP1 for Itanium is installed
oval oval:org.mitre.oval:def:1205
comment Microsoft Windows Server 2003 SP2 (x86) is installed
oval oval:org.mitre.oval:def:1935
comment Microsoft Windows Server 2003 SP2 (x64) is installed
oval oval:org.mitre.oval:def:2161
comment Microsoft Windows Server 2003 (ia64) SP2 is installed
oval oval:org.mitre.oval:def:1442

description

family

windows

oval:org.mitre.oval:def:6117

status

accepted

submitted

2009-03-10T16:00:00

title

WPAD WINS Server Registration Vulnerability

version

refmap via4

bid	34013
cert	TA09-069A
confirm	http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm
osvdb	52520
sectrack	1021829
secunia	34217
vupen	ADV-2009-0661

Last major update

26-02-2019 - 14:04

Published

11-03-2009 - 14:19

Last modified

26-02-2019 - 14:04