CVE-2008-1447

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc

http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368

http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html

http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://marc.info/?l=bugtraq&m=121630706004256&w=2

http://marc.info/?l=bugtraq&m=121866517322103&w=2

http://marc.info/?l=bugtraq&m=123324863916385&w=2

http://marc.info/?l=bugtraq&m=141879471518471&w=2

http://rhn.redhat.com/errata/RHSA-2008-0533.html

http://secunia.com/advisories/30925

http://secunia.com/advisories/30973

http://secunia.com/advisories/30977

http://secunia.com/advisories/30979

http://secunia.com/advisories/30980

http://secunia.com/advisories/30988

http://secunia.com/advisories/30989

http://secunia.com/advisories/30998

http://secunia.com/advisories/31011

http://secunia.com/advisories/31012

http://secunia.com/advisories/31014

http://secunia.com/advisories/31019

http://secunia.com/advisories/31022

http://secunia.com/advisories/31030

http://secunia.com/advisories/31031

http://secunia.com/advisories/31033

http://secunia.com/advisories/31052

http://secunia.com/advisories/31065

http://secunia.com/advisories/31072

http://secunia.com/advisories/31093

http://secunia.com/advisories/31094

http://secunia.com/advisories/31137

http://secunia.com/advisories/31143

http://secunia.com/advisories/31151

http://secunia.com/advisories/31152

http://secunia.com/advisories/31153

http://secunia.com/advisories/31169

http://secunia.com/advisories/31197

http://secunia.com/advisories/31199

http://secunia.com/advisories/31204

http://secunia.com/advisories/31207

http://secunia.com/advisories/31209

http://secunia.com/advisories/31212

http://secunia.com/advisories/31213

http://secunia.com/advisories/31221

http://secunia.com/advisories/31236

http://secunia.com/advisories/31237

http://secunia.com/advisories/31254

http://secunia.com/advisories/31326

http://secunia.com/advisories/31354

http://secunia.com/advisories/31422

http://secunia.com/advisories/31430

http://secunia.com/advisories/31451

http://secunia.com/advisories/31482

http://secunia.com/advisories/31495

http://secunia.com/advisories/31588

http://secunia.com/advisories/31687

http://secunia.com/advisories/31823

http://secunia.com/advisories/31882

http://secunia.com/advisories/31900

http://secunia.com/advisories/33178

http://secunia.com/advisories/33714

http://secunia.com/advisories/33786

http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc

http://security.gentoo.org/glsa/glsa-200807-08.xml

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1

http://support.apple.com/kb/HT3026

http://support.apple.com/kb/HT3129

http://support.citrix.com/article/CTX117991

http://support.citrix.com/article/CTX118183

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152

http://up2date.astaro.com/2008/08/up2date_7202_released.html

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018

http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning

http://www.caughq.org/exploits/CAU-EX-2008-0002.txt

http://www.caughq.org/exploits/CAU-EX-2008-0003.txt

http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml

http://www.debian.org/security/2008/dsa-1603

http://www.debian.org/security/2008/dsa-1604

http://www.debian.org/security/2008/dsa-1605

http://www.debian.org/security/2008/dsa-1619

http://www.debian.org/security/2008/dsa-1623

http://www.doxpara.com/?p=1176

http://www.doxpara.com/DMK_BO2K8.ppt

http://www.ibm.com/support/docview.wss?uid=isg1IZ26667

http://www.ibm.com/support/docview.wss?uid=isg1IZ26668

http://www.ibm.com/support/docview.wss?uid=isg1IZ26669

http://www.ibm.com/support/docview.wss?uid=isg1IZ26670

http://www.ibm.com/support/docview.wss?uid=isg1IZ26671

http://www.ibm.com/support/docview.wss?uid=isg1IZ26672

http://www.ipcop.org/index.php?name=News&file=article&sid=40

http://www.isc.org/index.pl?/sw/bind/bind-security.php

http://www.kb.cert.org/vuls/id/800113

http://www.kb.cert.org/vuls/id/MIMG-7DWR4J

http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q

http://www.mandriva.com/security/advisories?name=MDVSA-2008:139

http://www.nominum.com/asset_upload_file741_2661.pdf

http://www.novell.com/support/viewContent.do?externalId=7000912

http://www.openbsd.org/errata42.html#013_bind

http://www.openbsd.org/errata43.html#004_bind

http://www.phys.uu.nl/~rombouts/pdnsd.html

http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog

http://www.redhat.com/support/errata/RHSA-2008-0789.html

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html

http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

http://www.securityfocus.com/archive/1/495289/100/0/threaded

http://www.securityfocus.com/archive/1/495869/100/0/threaded

http://www.securityfocus.com/bid/30131

http://www.securitytracker.com/id?1020437

http://www.securitytracker.com/id?1020438

http://www.securitytracker.com/id?1020440

http://www.securitytracker.com/id?1020448

http://www.securitytracker.com/id?1020449

http://www.securitytracker.com/id?1020548

http://www.securitytracker.com/id?1020558

http://www.securitytracker.com/id?1020560

http://www.securitytracker.com/id?1020561

http://www.securitytracker.com/id?1020575

http://www.securitytracker.com/id?1020576

http://www.securitytracker.com/id?1020577

http://www.securitytracker.com/id?1020578

http://www.securitytracker.com/id?1020579

http://www.securitytracker.com/id?1020651

http://www.securitytracker.com/id?1020653

http://www.securitytracker.com/id?1020702

http://www.securitytracker.com/id?1020802

http://www.securitytracker.com/id?1020804

http://www.ubuntu.com/usn/usn-622-1

http://www.ubuntu.com/usn/usn-627-1

http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html

http://www.us-cert.gov/cas/techalerts/TA08-190A.html

http://www.us-cert.gov/cas/techalerts/TA08-190B.html

http://www.us-cert.gov/cas/techalerts/TA08-260A.html

http://www.vmware.com/security/advisories/VMSA-2008-0014.html

http://www.vupen.com/english/advisories/2008/2019/references

http://www.vupen.com/english/advisories/2008/2023/references

http://www.vupen.com/english/advisories/2008/2025/references

http://www.vupen.com/english/advisories/2008/2029/references

http://www.vupen.com/english/advisories/2008/2030/references

http://www.vupen.com/english/advisories/2008/2050/references

http://www.vupen.com/english/advisories/2008/2051/references

http://www.vupen.com/english/advisories/2008/2052/references

http://www.vupen.com/english/advisories/2008/2055/references

http://www.vupen.com/english/advisories/2008/2092/references

http://www.vupen.com/english/advisories/2008/2113/references

http://www.vupen.com/english/advisories/2008/2114/references

http://www.vupen.com/english/advisories/2008/2123/references

http://www.vupen.com/english/advisories/2008/2139/references

http://www.vupen.com/english/advisories/2008/2166/references

http://www.vupen.com/english/advisories/2008/2195/references

http://www.vupen.com/english/advisories/2008/2196/references

http://www.vupen.com/english/advisories/2008/2197/references

http://www.vupen.com/english/advisories/2008/2268

http://www.vupen.com/english/advisories/2008/2291

http://www.vupen.com/english/advisories/2008/2334

http://www.vupen.com/english/advisories/2008/2342

http://www.vupen.com/english/advisories/2008/2377

http://www.vupen.com/english/advisories/2008/2383

http://www.vupen.com/english/advisories/2008/2384

http://www.vupen.com/english/advisories/2008/2466

http://www.vupen.com/english/advisories/2008/2467

http://www.vupen.com/english/advisories/2008/2482

http://www.vupen.com/english/advisories/2008/2525

http://www.vupen.com/english/advisories/2008/2549

http://www.vupen.com/english/advisories/2008/2558

http://www.vupen.com/english/advisories/2008/2582

http://www.vupen.com/english/advisories/2008/2584

http://www.vupen.com/english/advisories/2009/0297

http://www.vupen.com/english/advisories/2009/0311

http://www.vupen.com/english/advisories/2010/0622

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037

https://exchange.xforce.ibmcloud.com/vulnerabilities/43334

https://exchange.xforce.ibmcloud.com/vulnerabilities/43637

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627

https://www.exploit-db.com/exploits/6122

https://www.exploit-db.com/exploits/6123

https://www.exploit-db.com/exploits/6130

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html

Details

Source: MITRE

Published: 2008-07-08

Updated: 2020-03-24

Type: CWE-331

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 6.8

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Impact Score: 4

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*

cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:compute_cluster:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:datacenter:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:enterprise:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:standard:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:storage:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:compute_cluster:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:compute_cluster:*:x64:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:datacenter:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:datacenter:*:x64:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:enterprise:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:enterprise:*:x64:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:standard:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:standard:*:x64:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:storage:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:storage:*:x64:*

cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*

cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

OR

cpe:2.3:a:isc:bind:4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.9:*:*:*:*:*:*:*

Tenable Plugins

View all (58 total)

IDNameProductFamilySeverity
147379NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Multiple Vulnerabilities (NS-SA-2021-0017)NessusNewStart CGSL Local Security Checks
critical
137170OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)NessusOracleVM Local Security Checks
high
99569OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)NessusOracleVM Local Security Checks
high
79464OracleVM 2.1 : dnsmasq (OVMSA-2009-0022)NessusOracleVM Local Security Checks
medium
78224F5 Networks BIG-IP : BIND DNS cache poisoning vulnerability (SOL8938)NessusF5 Networks Local Security Checks
medium
72834MS08-037: Vulnerabilities in DNS Could Allow Spoofing (951746) (uncredentialed check)NessusDNS
high
67735Oracle Linux 5 : dnsmasq (ELSA-2008-0789)NessusOracle Linux Local Security Checks
medium
67709Oracle Linux 3 / 4 / 5 : bind (ELSA-2008-0533)NessusOracle Linux Local Security Checks
medium
62383GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
60462Scientific Linux Security Update : dnsmasq on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
60437Scientific Linux Security Update : bind on SL 3.0.x , SL 4.x, SL 5.xNessusScientific Linux Local Security Checks
medium
54869Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2008-191-02)NessusSlackware Local Security Checks
medium
49017Multiple Cisco Products Vulnerable to DNS Cache Poisoning AttacksNessusCISCO
medium
41221SuSE9 Security Update : bind (YOU Patch Number 12197)NessusSuSE Local Security Checks
medium
40382VMSA-2008-0014 : Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues.NessusVMware ESX Local Security Checks
medium
39951openSUSE Security Update : dnsmasq (dnsmasq-147)NessusSuSE Local Security Checks
medium
39920openSUSE Security Update : bind (bind-82)NessusSuSE Local Security Checks
medium
37068Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ruby1.8 vulnerabilities (USN-651-1)NessusUbuntu Local Security Checks
high
36526Mandriva Linux Security Advisory : bind (MDVSA-2008:139)NessusMandriva Local Security Checks
medium
35693Fedora 9 : dnsmasq-2.45-1.fc9 (2009-1069)NessusFedora Local Security Checks
medium
35347GLSA-200901-03 : pdnsd: Denial of Service and cache poisoningNessusGentoo Local Security Checks
medium
35188GLSA-200812-17 : Ruby: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
34972Slackware 11.0 / 12.0 / 12.1 : ruby (SSA:2008-334-01)NessusSlackware Local Security Checks
medium
34380Fedora 9 : ruby-1.8.6.287-2.fc9 (2008-8738)NessusFedora Local Security Checks
high
4682Mac OS X < 10.5.5 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
34211Mac OS X 10.5.x < 10.5.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
34210Mac OS X Multiple Vulnerabilities (Security Update 2008-006)NessusMacOS X Local Security Checks
critical
34091GLSA-200809-02 : dnsmasq: Denial of Service and DNS spoofingNessusGentoo Local Security Checks
medium
33905FreeBSD : ruby -- DNS spoofing vulnerability (959d384d-6b59-11dd-9d79-001fc61c2a55)NessusFreeBSD Local Security Checks
medium
33895openSUSE 10 Security Update : dnsmasq (dnsmasq-5512)NessusSuSE Local Security Checks
medium
33865RHEL 5 : dnsmasq (RHSA-2008:0789)NessusRed Hat Local Security Checks
medium
33864HP-UX PHNE_37865 : HP-UX Running BIND, Remote DNS Cache Poisoning (HPSBUX02351 SSRT080058 rev.6)NessusHP-UX Local Security Checks
medium
33790Mac OS X Multiple Vulnerabilities (Security Update 2008-005)NessusMacOS X Local Security Checks
critical
33772Debian DSA-1623-1 : dnsmasq - DNS cache poisoningNessusDebian Local Security Checks
medium
33739Debian DSA-1619-1 : python-dns - DNS response spoofingNessusDebian Local Security Checks
medium
33737Debian DSA-1617-1 : refpolicy - incompatible policyNessusDebian Local Security Checks
medium
33565Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : dnsmasq (SSA:2008-205-01)NessusSlackware Local Security Checks
medium
33560Ubuntu 8.04 LTS : dnsmasq vulnerability (USN-627-1)NessusUbuntu Local Security Checks
medium
4601DNS Server Source Port 53 Query UsageNessus Network MonitorDNS Servers
medium
33501openSUSE 10 Security Update : bind (bind-5410)NessusSuSE Local Security Checks
medium
33500SuSE 10 Security Update : bind (ZYPP Patch Number 5409)NessusSuSE Local Security Checks
medium
33494GLSA-200807-08 : BIND: Cache poisoningNessusGentoo Local Security Checks
medium
33470Fedora 8 : bind-9.5.0-28.P1.fc8 (2008-6281)NessusFedora Local Security Checks
critical
33468Fedora 9 : bind-9.5.0-33.P1.fc9 (2008-6256)NessusFedora Local Security Checks
medium
33464Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : bind9 vulnerability (USN-622-1)NessusUbuntu Local Security Checks
medium
33462RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2008:0533)NessusRed Hat Local Security Checks
medium
33452Debian DSA-1605-1 : glibc - DNS cache poisoningNessusDebian Local Security Checks
medium
33451Debian DSA-1604-1 : bind - DNS cache poisoningNessusDebian Local Security Checks
medium
33450Debian DSA-1603-1 : bind9 - DNS cache poisoningNessusDebian Local Security Checks
medium
33448CentOS 3 / 4 / 5 : bind / selinux-policy (CESA-2008:0533)NessusCentOS Local Security Checks
medium
33447Multiple Vendor DNS Query ID Field Prediction Cache PoisoningNessusDNS
critical
33441MS08-037: Vulnerabilities in DNS Could Allow Spoofing (953230)NessusWindows : Microsoft Bulletins
medium
27094Solaris 9 (x86) : 114265-23NessusSolaris Local Security Checks
medium
26165Solaris 9 (sparc) : 112837-24NessusSolaris Local Security Checks
medium
26139HP-UX PHNE_36973 : HP-UX Running BIND, Remote DNS Cache Poisoning (HPSBUX02251 SSRT071449 rev.3)NessusHP-UX Local Security Checks
medium
4578ISC BIND DNS Query ID Field Prediction Cache Poisoning (deprecated)Nessus Network MonitorDNS Servers
medium
13429Solaris 8 (x86) : 109327-24NessusSolaris Local Security Checks
critical
13321Solaris 8 (sparc) : 109326-24NessusSolaris Local Security Checks
critical