A vulnerability has been discovered in the DNS server on the Windows NT and Windows 2000 operating systems. The problem occurs in the caching of glue records. It has been reported that glue records received from non-delegated name servers will be cached by default. This may allow for a malicious server to respond to a legitimate DNS query with a spoofed DNS response, designed to contain the necessary glue record characteristics.
A client making a request for a legitimate host may receive a corrupted record located in the DNS server's cache. This could result in the user being directed to an unexpected and malicious website.
published Aug 31, 2001
updated Nov 21, 2003
vulnerable
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Server
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0
Workaround:
It is possible to prevent this issue by modifying the default configuration settings through the Windows registry. Further information regarding how to apply the appropriate changes can are available at the following location:
http://support.microsoft.com/default.aspx?scid=KB;en-us;q241352
Solution: Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
http://www.securityfocus.com/bid/6791/discussion/

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic