Microsoft Windows SMTP Server DNS Spoofing Vulnerability Network Vulnerability

Summary

The Microsoft Windows Simple Mail Transfer Protocol (SMTP) Server is prone to a DNS spoofing vulnerability. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

Solution

This issue is reported to be patched in Microsoft security advisory MS10-024 please see the references for more information.

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html
http://www.coresecurity.com/content/CORE-2010-0424-windows-stmp-dns-query-id-bugs
http://www.microsoft.com
http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx
http://www.securityfocus.com/bid/39908
http://www.securityfocus.com/bid/39910

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1689, CVE-2010-1690
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

Related Vulnerabilities

DeepOfix SMTP Authentication Bypass
Microsoft Windows SMTP Server DNS spoofing vulnerability
Sendmail custom configuration file
Alt-N MDaemon SUBSCRIBE Remote Information Disclosure Vulnerability
Sendmail Group Permissions Vulnerability

Take action and discover your vulnerabilities