Detections
Analytics
MS11-058: Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485) (remote check)
critical Nessus Plugin ID 55883
Language:
Synopsis
The DNS server running on the remote host is affected by a memory corruption vulnerability.Description
The version of Windows DNS server running on the remote host has a memory corruption vulnerability that can be triggered by making a specially crafted NAPTR query. This could allow an attacker to write arbitrary data to the heap and potentially execute arbitrary code.Note that upstream servers may filter this request, creating a false negative, or may be vulnerable themselves, creating a false positive.
If the target is patched and shows up as vulnerable, check your upstream DNS servers.
Note also that while Microsoft's advisory referenced multiple vulnerabilities, Nessus only tests for the vulnerability described above.
Solution
Microsoft has released a set of patches for Windows 2003, 2008, and 2008 R2.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-058
Plugin Details
Severity: Critical
ID: 55883
File Name: dns_ms11-058.nasl
Version: 1.13
Type: remote
Agent: windows
Family: Windows
Published: 8/17/2011
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/9/2011
Vulnerability Publication Date: 8/9/2011
Exploitable With
Core Impact
Reference Information
CVE: CVE-2011-1966
BID: 49012
MSFT: MS11-058
MSKB: 2562485