Microsoft Windows SMTP Server DNS Spoofing Vulnerability Network Vulnerability

Summary

The Microsoft Windows Simple Mail Transfer Protocol (SMTP) Server is prone to a DNS spoofing vulnerability. Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

Solution

This issue is reported to be patched in Microsoft security advisory MS10-024 please see the references for more information.

References

http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html
http://www.coresecurity.com/content/CORE-2010-0424-windows-stmp-dns-query-id-bugs
http://www.microsoft.com
http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx
http://www.securityfocus.com/bid/39908
http://www.securityfocus.com/bid/39910

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1689, CVE-2010-1690

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
Mail relaying
Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
Multiple Kerio Products Administration Console File Disclosure and Corruption Vulnerability
Sendmail Parsing Redirection DOS

Microsoft Windows SMTP Server DNS spoofing vulnerability

Take action and discover your vulnerabilities