{ "schema_version": "1.4.0", "id": "GHSA-r5r9-27m2-2jg7", "modified": "2022-05-03T03:19:14Z", "published": "2022-05-03T03:19:14Z", "aliases": [ "CVE-2008-1447" ], "details": "The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations, allows remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka \"DNS Insufficient Socket Entropy Vulnerability\" or \"the Kaminsky bug.\"", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1447" }, { "type": "WEB", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43334" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43637" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/6122" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/6123" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/6130" 
}, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html" }, { "type": "WEB", "url": "http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html" }, { "type": "WEB", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401" }, { "type": "WEB", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520" }, { "type": "WEB", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" }, { "type": "WEB", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq&m=121630706004256&w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq&m=121866517322103&w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq&m=123324863916385&w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq&m=141879471518471&w=2" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2008-0533.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/30925" }, { "type": "WEB", "url": "http://secunia.com/advisories/30973" }, { "type": "WEB", "url": "http://secunia.com/advisories/30977" }, { "type": "WEB", "url": 
"http://secunia.com/advisories/30979" }, { "type": "WEB", "url": "http://secunia.com/advisories/30980" }, { "type": "WEB", "url": "http://secunia.com/advisories/30988" }, { "type": "WEB", "url": "http://secunia.com/advisories/30989" }, { "type": "WEB", "url": "http://secunia.com/advisories/30998" }, { "type": "WEB", "url": "http://secunia.com/advisories/31011" }, { "type": "WEB", "url": "http://secunia.com/advisories/31012" }, { "type": "WEB", "url": "http://secunia.com/advisories/31014" }, { "type": "WEB", "url": "http://secunia.com/advisories/31019" }, { "type": "WEB", "url": "http://secunia.com/advisories/31022" }, { "type": "WEB", "url": "http://secunia.com/advisories/31030" }, { "type": "WEB", "url": "http://secunia.com/advisories/31031" }, { "type": "WEB", "url": "http://secunia.com/advisories/31033" }, { "type": "WEB", "url": "http://secunia.com/advisories/31052" }, { "type": "WEB", "url": "http://secunia.com/advisories/31065" }, { "type": "WEB", "url": "http://secunia.com/advisories/31072" }, { "type": "WEB", "url": "http://secunia.com/advisories/31093" }, { "type": "WEB", "url": "http://secunia.com/advisories/31094" }, { "type": "WEB", "url": "http://secunia.com/advisories/31137" }, { "type": "WEB", "url": "http://secunia.com/advisories/31143" }, { "type": "WEB", "url": "http://secunia.com/advisories/31151" }, { "type": "WEB", "url": "http://secunia.com/advisories/31152" }, { "type": "WEB", "url": "http://secunia.com/advisories/31153" }, { "type": "WEB", "url": "http://secunia.com/advisories/31169" }, { "type": "WEB", "url": "http://secunia.com/advisories/31197" }, { "type": "WEB", "url": "http://secunia.com/advisories/31199" }, { "type": "WEB", "url": "http://secunia.com/advisories/31204" }, { "type": "WEB", "url": "http://secunia.com/advisories/31207" }, { "type": "WEB", "url": "http://secunia.com/advisories/31209" }, { "type": "WEB", "url": "http://secunia.com/advisories/31212" }, { "type": "WEB", "url": "http://secunia.com/advisories/31213" }, { 
"type": "WEB", "url": "http://secunia.com/advisories/31221" }, { "type": "WEB", "url": "http://secunia.com/advisories/31236" }, { "type": "WEB", "url": "http://secunia.com/advisories/31237" }, { "type": "WEB", "url": "http://secunia.com/advisories/31254" }, { "type": "WEB", "url": "http://secunia.com/advisories/31326" }, { "type": "WEB", "url": "http://secunia.com/advisories/31354" }, { "type": "WEB", "url": "http://secunia.com/advisories/31422" }, { "type": "WEB", "url": "http://secunia.com/advisories/31430" }, { "type": "WEB", "url": "http://secunia.com/advisories/31451" }, { "type": "WEB", "url": "http://secunia.com/advisories/31482" }, { "type": "WEB", "url": "http://secunia.com/advisories/31495" }, { "type": "WEB", "url": "http://secunia.com/advisories/31588" }, { "type": "WEB", "url": "http://secunia.com/advisories/31687" }, { "type": "WEB", "url": "http://secunia.com/advisories/31823" }, { "type": "WEB", "url": "http://secunia.com/advisories/31882" }, { "type": "WEB", "url": "http://secunia.com/advisories/31900" }, { "type": "WEB", "url": "http://secunia.com/advisories/33178" }, { "type": "WEB", "url": "http://secunia.com/advisories/33714" }, { "type": "WEB", "url": "http://secunia.com/advisories/33786" }, { "type": "WEB", "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc" }, { "type": "WEB", "url": "http://security.gentoo.org/glsa/glsa-200807-08.xml" }, { "type": "WEB", "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" }, { "type": "WEB", "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" }, { "type": "WEB", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680" }, { "type": "WEB", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239" }, { "type": "WEB", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1" }, { "type": "WEB", "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT3026" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT3129" }, { "type": "WEB", "url": "http://support.citrix.com/article/CTX117991" }, { "type": "WEB", "url": "http://support.citrix.com/article/CTX118183" }, { "type": "WEB", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152" }, { "type": "WEB", "url": "http://up2date.astaro.com/2008/08/up2date_7202_released.html" }, { "type": "WEB", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231" }, { "type": "WEB", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018" }, { "type": "WEB", "url": "http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning" }, { "type": "WEB", "url": "http://www.caughq.org/exploits/CAU-EX-2008-0002.txt" }, { "type": "WEB", "url": "http://www.caughq.org/exploits/CAU-EX-2008-0003.txt" }, { "type": "WEB", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml" }, { "type": "WEB", "url": "http://www.debian.org/security/2008/dsa-1603" }, { "type": "WEB", "url": "http://www.debian.org/security/2008/dsa-1604" }, { "type": "WEB", "url": "http://www.debian.org/security/2008/dsa-1605" }, { "type": "WEB", "url": "http://www.debian.org/security/2008/dsa-1619" }, { "type": "WEB", "url": "http://www.debian.org/security/2008/dsa-1623" }, { "type": "WEB", "url": "http://www.doxpara.com/?p=1176" }, { "type": "WEB", "url": "http://www.doxpara.com/DMK_BO2K8.ppt" }, { "type": "WEB", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26667" }, { "type": "WEB", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26668" }, { "type": "WEB", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26669" }, { "type": "WEB", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26670" }, { "type": "WEB", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26671" }, { "type": 
"WEB", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ26672" }, { "type": "WEB", "url": "http://www.ipcop.org/index.php?name=News&file=article&sid=40" }, { "type": "WEB", "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/800113" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/MIMG-7DWR4J" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:139" }, { "type": "WEB", "url": "http://www.nominum.com/asset_upload_file741_2661.pdf" }, { "type": "WEB", "url": "http://www.novell.com/support/viewContent.do?externalId=7000912" }, { "type": "WEB", "url": "http://www.openbsd.org/errata42.html#013_bind" }, { "type": "WEB", "url": "http://www.openbsd.org/errata43.html#004_bind" }, { "type": "WEB", "url": "http://www.phys.uu.nl/~rombouts/pdnsd.html" }, { "type": "WEB", "url": "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2008-0789.html" }, { "type": "WEB", "url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html" }, { "type": "WEB", "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/495289/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/30131" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020437" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020438" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020440" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020448" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020449" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020548" }, { "type": "WEB", 
"url": "http://www.securitytracker.com/id?1020558" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020560" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020561" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020575" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020576" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020577" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020578" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020579" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020651" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020653" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020702" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020802" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1020804" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/usn-622-1" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/usn-627-1" }, { "type": "WEB", "url": "http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html" }, { "type": "WEB", "url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html" }, { "type": "WEB", "url": "http://www.us-cert.gov/cas/techalerts/TA08-190B.html" }, { "type": "WEB", "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" }, { "type": "WEB", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2019/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2023/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2025/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2029/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2030/references" }, { "type": "WEB", "url": 
"http://www.vupen.com/english/advisories/2008/2050/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2051/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2052/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2055/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2092/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2113/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2114/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2123/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2139/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2166/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2195/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2196/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2197/references" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2268" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2291" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2334" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2342" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2377" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2383" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2384" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2466" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2467" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2482" }, { "type": "WEB", "url": 
"http://www.vupen.com/english/advisories/2008/2525" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2549" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2558" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2582" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2008/2584" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2009/0297" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2009/0311" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/0622" } ], "database_specific": { "cwe_ids": [ "CWE-331" ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2008-07-08T23:41:00Z" } }