National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2008-1447 Detail

Current Description

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

Source:  MITRE      Last Modified:  07/08/2008      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2008-1447
Original release date:
07/08/2008
Last revised:
09/28/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
5.0 MEDIUM
Vector:
(AV:N/AC:L/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore:
2.9
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized modification

Vendor Statements (disclaimer)

Official Statement from Red Hat (07/09/2008)

http://rhn.redhat.com/errata/RHSA-2008-0533.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc Vendor Advisory External Source NETBSD NetBSD-SA2008-009
http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html Technical Description External Source MISC http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401 Third Party Advisory External Source CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520 Broken Link External Source HP HPSBOV02357
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368 Broken Link External Source HP HPSBNS02405
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html Third Party Advisory External Source APPLE APPLE-SA-2008-07-31
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html Third Party Advisory External Source APPLE APPLE-SA-2008-09-09
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html Third Party Advisory External Source APPLE APPLE-SA-2008-09-12
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html Third Party Advisory External Source APPLE APPLE-SA-2008-09-15
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html Broken Link External Source FULLDISC 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html External Source SUSE SUSE-SA:2008:033
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html Third Party Advisory External Source SUSE SUSE-SR:2008:017
http://marc.info/?l=bugtraq&m=121630706004256&w=2 External Source HP HPSBUX02351
http://marc.info/?l=bugtraq&m=121866517322103&w=2 External Source HP HPSBTU02358
http://marc.info/?l=bugtraq&m=123324863916385&w=2 External Source HP HPSBMP02404
http://marc.info/?l=bugtraq&m=141879471518471&w=2 External Source HP SSRT101004
http://rhn.redhat.com/errata/RHSA-2008-0533.html External Source REDHAT RHSA-2008:0533
http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc External Source FREEBSD FreeBSD-SA-08:06
http://security.gentoo.org/glsa/glsa-200807-08.xml External Source GENTOO GLSA-200807-08
http://security.gentoo.org/glsa/glsa-200812-17.xml External Source GENTOO GLSA-200812-17
http://security.gentoo.org/glsa/glsa-201209-25.xml External Source GENTOO GLSA-201209-25
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680 External Source SLACKWARE SSA:2008-205-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239 External Source SLACKWARE SSA:2008-191
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1 External Source SUNALERT 239392
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1 External Source SUNALERT 240048
http://support.apple.com/kb/HT3026 External Source CONFIRM http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129 External Source CONFIRM http://support.apple.com/kb/HT3129
http://support.citrix.com/article/CTX117991 External Source CONFIRM http://support.citrix.com/article/CTX117991
http://support.citrix.com/article/CTX118183 External Source CONFIRM http://support.citrix.com/article/CTX118183
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152 External Source CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152
http://up2date.astaro.com/2008/08/up2date_7202_released.html External Source CONFIRM http://up2date.astaro.com/2008/08/up2date_7202_released.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231 External Source CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 External Source CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning External Source CONFIRM http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt External Source MISC http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
http://www.caughq.org/exploits/CAU-EX-2008-0003.txt External Source MISC http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml External Source CISCO 20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
http://www.debian.org/security/2008/dsa-1603 Patch External Source DEBIAN DSA-1603
http://www.debian.org/security/2008/dsa-1604 External Source DEBIAN DSA-1604
http://www.debian.org/security/2008/dsa-1605 External Source DEBIAN DSA-1605
http://www.debian.org/security/2008/dsa-1619 External Source DEBIAN DSA-1619
http://www.debian.org/security/2008/dsa-1623 External Source DEBIAN DSA-1623
http://www.doxpara.com/?p=1176 External Source MISC http://www.doxpara.com/?p=1176
http://www.doxpara.com/DMK_BO2K8.ppt External Source MISC http://www.doxpara.com/DMK_BO2K8.ppt
http://www.ibm.com/support/docview.wss?uid=isg1IZ26667 External Source AIXAPAR IZ26667
http://www.ibm.com/support/docview.wss?uid=isg1IZ26668 External Source AIXAPAR IZ26668
http://www.ibm.com/support/docview.wss?uid=isg1IZ26669 External Source AIXAPAR IZ26669
http://www.ibm.com/support/docview.wss?uid=isg1IZ26670 External Source AIXAPAR IZ26670
http://www.ibm.com/support/docview.wss?uid=isg1IZ26671 External Source AIXAPAR IZ26671
http://www.ibm.com/support/docview.wss?uid=isg1IZ26672 External Source AIXAPAR IZ26672
http://www.ipcop.org/index.php?name=News&file=article&sid=40 External Source CONFIRM http://www.ipcop.org/index.php?name=News&file=article&sid=40
http://www.isc.org/index.pl?/sw/bind/bind-security.php External Source CONFIRM http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.kb.cert.org/vuls/id/800113 US Government Resource External Source CERT-VN VU#800113
http://www.kb.cert.org/vuls/id/MIMG-7DWR4J External Source CONFIRM http://www.kb.cert.org/vuls/id/MIMG-7DWR4J
http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q External Source CONFIRM http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q
http://www.mandriva.com/security/advisories?name=MDVSA-2008:139 External Source MANDRIVA MDVSA-2008:139
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx Patch; Vendor Advisory External Source MS MS08-037
http://www.nominum.com/asset_upload_file741_2661.pdf External Source MISC http://www.nominum.com/asset_upload_file741_2661.pdf
http://www.novell.com/support/viewContent.do?externalId=7000912 External Source CONFIRM http://www.novell.com/support/viewContent.do?externalId=7000912
http://www.openbsd.org/errata42.html#013_bind External Source OPENBSD [4.2] 013: SECURITY FIX: July 23, 2008
http://www.openbsd.org/errata43.html#004_bind External Source OPENBSD [4.3] 004: SECURITY FIX: July 23, 2008
http://www.phys.uu.nl/~rombouts/pdnsd.html External Source CONFIRM http://www.phys.uu.nl/~rombouts/pdnsd.html
http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog External Source CONFIRM http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
http://www.redhat.com/support/errata/RHSA-2008-0789.html External Source REDHAT RHSA-2008:0789
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html External Source CONFIRM http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ External Source CONFIRM http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
http://www.securityfocus.com/archive/1/archive/1/495289/100/0/threaded External Source BUGTRAQ 20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability
http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded External Source BUGTRAQ 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
http://www.securityfocus.com/bid/30131 External Source BID 30131
http://www.securitytracker.com/id?1020437 External Source SECTRACK 1020437
http://www.securitytracker.com/id?1020438 External Source SECTRACK 1020438
http://www.securitytracker.com/id?1020440 External Source SECTRACK 1020440
http://www.securitytracker.com/id?1020448 External Source SECTRACK 1020448
http://www.securitytracker.com/id?1020449 External Source SECTRACK 1020449
http://www.securitytracker.com/id?1020548 External Source SECTRACK 1020548
http://www.securitytracker.com/id?1020558 External Source SECTRACK 1020558
http://www.securitytracker.com/id?1020560 External Source SECTRACK 1020560
http://www.securitytracker.com/id?1020561 External Source SECTRACK 1020561
http://www.securitytracker.com/id?1020575 External Source SECTRACK 1020575
http://www.securitytracker.com/id?1020576 External Source SECTRACK 1020576
http://www.securitytracker.com/id?1020577 External Source SECTRACK 1020577
http://www.securitytracker.com/id?1020578 External Source SECTRACK 1020578
http://www.securitytracker.com/id?1020579 External Source SECTRACK 1020579
http://www.securitytracker.com/id?1020651 External Source SECTRACK 1020651
http://www.securitytracker.com/id?1020653 External Source SECTRACK 1020653
http://www.securitytracker.com/id?1020702 External Source SECTRACK 1020702
http://www.securitytracker.com/id?1020802 External Source SECTRACK 1020802
http://www.securitytracker.com/id?1020804 External Source SECTRACK 1020804
http://www.ubuntu.com/usn/usn-622-1 External Source UBUNTU USN-622-1
http://www.ubuntu.com/usn/usn-627-1 External Source UBUNTU USN-627-1
http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html External Source MISC http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
http://www.us-cert.gov/cas/techalerts/TA08-190A.html US Government Resource External Source CERT TA08-190A
http://www.us-cert.gov/cas/techalerts/TA08-190B.html US Government Resource External Source CERT TA08-190B
http://www.us-cert.gov/cas/techalerts/TA08-260A.html US Government Resource External Source CERT TA08-260A
http://www.vmware.com/security/advisories/VMSA-2008-0014.html External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vupen.com/english/advisories/2008/2019/references External Source VUPEN ADV-2008-2019
http://www.vupen.com/english/advisories/2008/2023/references External Source VUPEN ADV-2008-2023
http://www.vupen.com/english/advisories/2008/2025/references External Source VUPEN ADV-2008-2025
http://www.vupen.com/english/advisories/2008/2029/references External Source VUPEN ADV-2008-2029
http://www.vupen.com/english/advisories/2008/2030/references External Source VUPEN ADV-2008-2030
http://www.vupen.com/english/advisories/2008/2050/references External Source VUPEN ADV-2008-2050
http://www.vupen.com/english/advisories/2008/2051/references External Source VUPEN ADV-2008-2051
http://www.vupen.com/english/advisories/2008/2052/references External Source VUPEN ADV-2008-2052
http://www.vupen.com/english/advisories/2008/2055/references External Source VUPEN ADV-2008-2055
http://www.vupen.com/english/advisories/2008/2092/references External Source VUPEN ADV-2008-2092
http://www.vupen.com/english/advisories/2008/2113/references External Source VUPEN ADV-2008-2113
http://www.vupen.com/english/advisories/2008/2114/references External Source VUPEN ADV-2008-2114
http://www.vupen.com/english/advisories/2008/2123/references External Source VUPEN ADV-2008-2123
http://www.vupen.com/english/advisories/2008/2139/references External Source VUPEN ADV-2008-2139
http://www.vupen.com/english/advisories/2008/2166/references External Source VUPEN ADV-2008-2166
http://www.vupen.com/english/advisories/2008/2195/references External Source VUPEN ADV-2008-2195
http://www.vupen.com/english/advisories/2008/2196/references External Source VUPEN ADV-2008-2196
http://www.vupen.com/english/advisories/2008/2197/references External Source VUPEN ADV-2008-2197
http://www.vupen.com/english/advisories/2008/2268 External Source VUPEN ADV-2008-2268
http://www.vupen.com/english/advisories/2008/2291 External Source VUPEN ADV-2008-2291
http://www.vupen.com/english/advisories/2008/2334 External Source VUPEN ADV-2008-2334
http://www.vupen.com/english/advisories/2008/2342 External Source VUPEN ADV-2008-2342
http://www.vupen.com/english/advisories/2008/2377 External Source VUPEN ADV-2008-2377
http://www.vupen.com/english/advisories/2008/2383 External Source VUPEN ADV-2008-2383
http://www.vupen.com/english/advisories/2008/2384 External Source VUPEN ADV-2008-2384
http://www.vupen.com/english/advisories/2008/2466 External Source VUPEN ADV-2008-2466
http://www.vupen.com/english/advisories/2008/2467 External Source VUPEN ADV-2008-2467
http://www.vupen.com/english/advisories/2008/2482 External Source VUPEN ADV-2008-2482
http://www.vupen.com/english/advisories/2008/2525 External Source VUPEN ADV-2008-2525
http://www.vupen.com/english/advisories/2008/2549 External Source VUPEN ADV-2008-2549
http://www.vupen.com/english/advisories/2008/2558 External Source VUPEN ADV-2008-2558
http://www.vupen.com/english/advisories/2008/2582 External Source VUPEN ADV-2008-2582
http://www.vupen.com/english/advisories/2008/2584 External Source VUPEN ADV-2008-2584
http://www.vupen.com/english/advisories/2009/0297 External Source VUPEN ADV-2009-0297
http://www.vupen.com/english/advisories/2009/0311 External Source VUPEN ADV-2009-0311
http://www.vupen.com/english/advisories/2010/0622 External Source VUPEN ADV-2010-0622
https://exchange.xforce.ibmcloud.com/vulnerabilities/43334 External Source XF win-dns-client-server-spoofing(43334)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43637 External Source XF cisco-multiple-dns-cache-poisoning(43637)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117 External Source OVAL oval:org.mitre.oval:def:12117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725 External Source OVAL oval:org.mitre.oval:def:5725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761 External Source OVAL oval:org.mitre.oval:def:5761
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917 External Source OVAL oval:org.mitre.oval:def:5917
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627 External Source OVAL oval:org.mitre.oval:def:9627
https://www.exploit-db.com/exploits/6122 External Source EXPLOIT-DB 6122
https://www.exploit-db.com/exploits/6123 External Source EXPLOIT-DB 6123
https://www.exploit-db.com/exploits/6130 External Source EXPLOIT-DB 6130
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html External Source FEDORA FEDORA-2008-6256
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html External Source FEDORA FEDORA-2008-6281

References to Check Content

Identifier:
oval:org.mitre.oval:def:12117
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12117
Identifier:
oval:org.mitre.oval:def:5725
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5725
Identifier:
oval:org.mitre.oval:def:5761
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5761
Identifier:
oval:org.mitre.oval:def:5917
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5917
Identifier:
oval:org.mitre.oval:def:9627
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9627

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
AND
OR
cpe:2.3:o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*
cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:2003_server:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:2003_server:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:2003_server:sp2_itanium:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:2003_server:sp2_x64:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:xp:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:xp_professional:*:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows:xp_professional:sp2_x64:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
OR
cpe:2.3:a:isc:bind:4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2.9:*:*:*:*:*:*:*

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 26 change records found - show changes