Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1447

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-1447
Last Modified 27 May 2015 12:23:13
Published 08 Jul 2008 07:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1447

Summary

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

Vulnerable Systems

Application

  • Isc Bind 4

  • Isc Bind 8

  • Isc Bind 9.2.9


References

CERT - TA08-260A

CERT - TA08-190B

CERT - TA08-190A

CERT-VN - VU#800113

MS - MS08-037

DEBIAN - DSA-1603

FEDORA - FEDORA-2008-6281

FEDORA - FEDORA-2008-6256

XF - cisco-multiple-dns-cache-poisoning(43637)

XF - win-dns-client-server-spoofing(43334)

VUPEN - ADV-2010-0622

VUPEN - ADV-2009-0311

VUPEN - ADV-2009-0297

VUPEN - ADV-2008-2584

VUPEN - ADV-2008-2582

VUPEN - ADV-2008-2558

VUPEN - ADV-2008-2549

VUPEN - ADV-2008-2525

VUPEN - ADV-2008-2482

VUPEN - ADV-2008-2467

VUPEN - ADV-2008-2466

VUPEN - ADV-2008-2384

VUPEN - ADV-2008-2383

VUPEN - ADV-2008-2377

VUPEN - ADV-2008-2342

VUPEN - ADV-2008-2334

VUPEN - ADV-2008-2291

VUPEN - ADV-2008-2268

VUPEN - ADV-2008-2197

VUPEN - ADV-2008-2196

VUPEN - ADV-2008-2195

VUPEN - ADV-2008-2166

VUPEN - ADV-2008-2139

VUPEN - ADV-2008-2123

VUPEN - ADV-2008-2114

VUPEN - ADV-2008-2113

VUPEN - ADV-2008-2092

VUPEN - ADV-2008-2055

VUPEN - ADV-2008-2052

VUPEN - ADV-2008-2051

VUPEN - ADV-2008-2050

VUPEN - ADV-2008-2030

VUPEN - ADV-2008-2029

VUPEN - ADV-2008-2025

VUPEN - ADV-2008-2023

VUPEN - ADV-2008-2019

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0014.html

MISC - http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html

UBUNTU - USN-622-1

SECTRACK - 1020804

SECTRACK - 1020802

SECTRACK - 1020702

SECTRACK - 1020653

SECTRACK - 1020651

SECTRACK - 1020579

SECTRACK - 1020578

SECTRACK - 1020577

SECTRACK - 1020576

SECTRACK - 1020575

SECTRACK - 1020561

SECTRACK - 1020560

SECTRACK - 1020558

SECTRACK - 1020548

SECTRACK - 1020449

SECTRACK - 1020448

SECTRACK - 1020440

SECTRACK - 1020438

SECTRACK - 1020437

BID - 30131

BUGTRAQ - 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

BUGTRAQ - 20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability

CONFIRM - http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

CONFIRM - http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html

REDHAT - RHSA-2008:0789

CONFIRM - http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog

CONFIRM - http://www.phys.uu.nl/~rombouts/pdnsd.html

OPENBSD - [4.3] 004: SECURITY FIX: July 23, 2008

OPENBSD - [4.2] 013: SECURITY FIX: July 23, 2008

CONFIRM - http://www.novell.com/support/viewContent.do?externalId=7000912

MISC - http://www.nominum.com/asset_upload_file741_2661.pdf

MILW0RM - 6130

MILW0RM - 6123

MILW0RM - 6122

MANDRIVA - MDVSA-2008:139

CONFIRM - http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q

CONFIRM - http://www.kb.cert.org/vuls/id/MIMG-7DWR4J

CONFIRM - http://www.isc.org/index.pl?/sw/bind/bind-security.php

CONFIRM - http://www.ipcop.org/index.php?name=News&file=article&sid=40

AIXAPAR - IZ26672

AIXAPAR - IZ26671

AIXAPAR - IZ26670

AIXAPAR - IZ26669

AIXAPAR - IZ26668

AIXAPAR - IZ26667

MISC - http://www.doxpara.com/DMK_BO2K8.ppt

MISC - http://www.doxpara.com/?p=1176

DEBIAN - DSA-1623

DEBIAN - DSA-1619

DEBIAN - DSA-1605

DEBIAN - DSA-1604

CISCO - 20080708 Multiple Cisco Product Vulnerable to DNS Cache Poisoning Attacks

MISC - http://www.caughq.org/exploits/CAU-EX-2008-0003.txt

MISC - http://www.caughq.org/exploits/CAU-EX-2008-0002.txt

CONFIRM - http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231

CONFIRM - http://up2date.astaro.com/2008/08/up2date_7202_released.html

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152

CONFIRM - http://support.citrix.com/article/CTX118183

CONFIRM - http://support.citrix.com/article/CTX117991

CONFIRM - http://support.apple.com/kb/HT3129

CONFIRM - http://support.apple.com/kb/HT3026

SUNALERT - 240048

SUNALERT - 239392

SLACKWARE - SSA:2008-191

SLACKWARE - SSA:2008-205-01

GENTOO - GLSA-200812-17

GENTOO - GLSA-200807-08

FREEBSD - FreeBSD-SA-08:06

SECUNIA - 33786

SECUNIA - 33714

SECUNIA - 33178

SECUNIA - 31900

SECUNIA - 31882

SECUNIA - 31823

SECUNIA - 31687

SECUNIA - 31588

SECUNIA - 31495

SECUNIA - 31482

SECUNIA - 31451

SECUNIA - 31430

SECUNIA - 31422

SECUNIA - 31354

SECUNIA - 31326

SECUNIA - 31254

SECUNIA - 31237

SECUNIA - 31236

SECUNIA - 31221

SECUNIA - 31213

SECUNIA - 31212

SECUNIA - 31209

SECUNIA - 31207

SECUNIA - 31204

SECUNIA - 31199

SECUNIA - 31197

SECUNIA - 31169

SECUNIA - 31153

SECUNIA - 31152

SECUNIA - 31151

SECUNIA - 31143

SECUNIA - 31137

SECUNIA - 31094

SECUNIA - 31093

SECUNIA - 31072

SECUNIA - 31065

SECUNIA - 31052

SECUNIA - 31033

SECUNIA - 31031

SECUNIA - 31030

SECUNIA - 31022

SECUNIA - 31019

SECUNIA - 31014

SECUNIA - 31012

SECUNIA - 31011

SECUNIA - 30998

SECUNIA - 30989

SECUNIA - 30988

SECUNIA - 30980

SECUNIA - 30979

SECUNIA - 30977

SECUNIA - 30973

SECUNIA - 30925

REDHAT - RHSA-2008:0533

HP - SSRT090014

HP - HPSBTU02358

HP - SSRT080058

SUSE - SUSE-SR:2008:017

SUSE - SUSE-SA:2008:033

APPLE - APPLE-SA-2008-09-15

APPLE - APPLE-SA-2008-09-12

APPLE - APPLE-SA-2008-09-09

APPLE - APPLE-SA-2008-07-31

HP - SSRT071449

HP - HPSBOV02357

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401

MISC - http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html

NETBSD - NetBSD-SA2008-009

UBUNTU - USN-627-1

GENTOO - GLSA-201209-25

CISCO - 20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks

HP - HPSBMP02404

HP - HPSBUX02351

HP - HPSBNS02405

HP - SSRT101004

Related Patches

Apple 2008-07-31 Security Update 2008-005 (PPC)

Apple 2008-07-31 Security Update 2008-005 Server (PPC)

Apple 2008-07-31 Security Update 2008-005 (Leopard)

Apple 2008-07-31 Security Update 2008-005 (Intel)

Apple 2008-07-31 Security Update 2008-005 Server (Intel)

Apple 2008-09-15 Security Update 2008-006 (PPC)

Apple 2008-09-15 Security Update 2008-006 Server (PPC)

Apple 2008-09-15 Mac OS X 10.5.5 Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Combo Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Update

Apple 2008-09-15 Security Update 2008-006 (Intel)

Apple 2008-09-15 Mac OS X 10.5.5 Combo Update

Apple 2008-09-15 Security Update 2008-006 Server (Intel)

Novell SUSE 2008:5409 bind security update for SLE 10 i586

VMware VMSA-2008-0014.3 VMware Workstation 6.5.1 for Windows (Update) (All Languages) (See Notes) (Rev 2)

VMware VMSA-2008-0014.3 VMware Server 2.0 for Windows (Update) (All Languages) (See Notes) (Rev 3)

VMware VMSA-2008-0014.3 VMware Player 2.5.1 for Windows (Update) (All Languages) (Rev 2)


Last Updated: 27 May 2016 11:01:24