English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75516 CVE descriptions
and 39786 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2008-1447
Description:The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Test IDs: 1.3.6.1.4.1.25623.1.0.835164   1.3.6.1.4.1.25623.1.0.61999   1.3.6.1.4.1.25623.1.0.61947   1.3.6.1.4.1.25623.1.0.61502   1.3.6.1.4.1.25623.1.0.65809   1.3.6.1.4.1.25623.1.0.61249   1.3.6.1.4.1.25623.1.0.65359   1.3.6.1.4.1.25623.1.0.61253   1.3.6.1.4.1.25623.1.0.61464   1.3.6.1.4.1.25623.1.0.61500   1.3.6.1.4.1.25623.1.0.62987   1.3.6.1.4.1.25623.1.0.61478   1.3.6.1.4.1.25623.1.0.61278   1.3.6.1.4.1.25623.1.0.61383   1.3.6.1.4.1.25623.1.0.61731   1.3.6.1.4.1.25623.1.0.61368   1.3.6.1.4.1.25623.1.0.61264   1.3.6.1.4.1.25623.1.0.61280   1.3.6.1.4.1.25623.1.0.63406   1.3.6.1.4.1.25623.1.0.61453   1.3.6.1.4.1.25623.1.0.62000   1.3.6.1.4.1.25623.1.0.61399   1.3.6.1.4.1.25623.1.0.61375   1.3.6.1.4.1.25623.1.0.61287   1.3.6.1.4.1.25623.1.0.61371  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2008-1447
Bugtraq: 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. (Google Search)
http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded
Bugtraq: 20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/495289/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://www.milw0rm.com/exploits/6122
http://www.milw0rm.com/exploits/6123
http://www.milw0rm.com/exploits/6130
http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html
http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
http://www.doxpara.com/?p=1176
http://www.doxpara.com/DMK_BO2K8.ppt
http://www.nominum.com/asset_upload_file741_2661.pdf
http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
AIX APAR: IZ26667
http://www.ibm.com/support/docview.wss?uid=isg1IZ26667
AIX APAR: IZ26668
http://www.ibm.com/support/docview.wss?uid=isg1IZ26668
AIX APAR: IZ26669
http://www.ibm.com/support/docview.wss?uid=isg1IZ26669
AIX APAR: IZ26670
http://www.ibm.com/support/docview.wss?uid=isg1IZ26670
AIX APAR: IZ26671
http://www.ibm.com/support/docview.wss?uid=isg1IZ26671
AIX APAR: IZ26672
http://www.ibm.com/support/docview.wss?uid=isg1IZ26672
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
Cisco Security Advisory: 20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml
Cisco Security Advisory: 20080708 Multiple Cisco Product Vulnerable to DNS Cache Poisoning Attacks
http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml
Debian Security Information: DSA-1603 (Google Search)
http://www.debian.org/security/2008/dsa-1603
Debian Security Information: DSA-1604 (Google Search)
http://www.debian.org/security/2008/dsa-1604
Debian Security Information: DSA-1605 (Google Search)
http://www.debian.org/security/2008/dsa-1605
Debian Security Information: DSA-1619 (Google Search)
http://www.debian.org/security/2008/dsa-1619
Debian Security Information: DSA-1623 (Google Search)
http://www.debian.org/security/2008/dsa-1623
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html
FreeBSD Security Advisory: FreeBSD-SA-08:06
http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc
http://security.gentoo.org/glsa/glsa-200807-08.xml
http://security.gentoo.org/glsa/glsa-200812-17.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
HPdes Security Advisory: HPSBUX02351
http://marc.info/?l=bugtraq&m=121630706004256&w=2
HPdes Security Advisory: SSRT080058
http://marc.info/?l=bugtraq&m=121630706004256&w=2
HPdes Security Advisory: HPSBOV02357
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520
HPdes Security Advisory: HPSBTU02358
http://marc.info/?l=bugtraq&m=121866517322103&w=2
HPdes Security Advisory: HPSBMP02404
http://marc.info/?l=bugtraq&m=123324863916385&w=2
HPdes Security Advisory: SSRT090014
http://marc.info/?l=bugtraq&m=123324863916385&w=2
HPdes Security Advisory: HPSBNS02405
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368
HPdes Security Advisory: SSRT071449
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368
http://www.mandriva.com/security/advisories?name=MDVSA-2008:139
Microsoft Security Bulletin: MS08-037
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
NETBSD Security Advisory: NetBSD-SA2008-009
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc
OpenBSD Security Advisory: [4.2] 013: SECURITY FIX: July 23, 2008
http://www.openbsd.org/errata42.html#013_bind
OpenBSD Security Advisory: [4.3] 004: SECURITY FIX: July 23, 2008
http://www.openbsd.org/errata43.html#004_bind
RedHat Security Advisories: RHSA-2008:0533
http://rhn.redhat.com/errata/RHSA-2008-0533.html
RedHat Security Advisories: RHSA-2008:0789
http://www.redhat.com/support/errata/RHSA-2008-0789.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1
SuSE Security Announcement: SUSE-SA:2008:033 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/usn-622-1
http://www.ubuntu.com/usn/usn-627-1
Cert/CC Advisory: TA08-190B
http://www.us-cert.gov/cas/techalerts/TA08-190B.html
Cert/CC Advisory: TA08-190A
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
Cert/CC Advisory: TA08-260A
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
CERT/CC vulnerability note: VU#800113
http://www.kb.cert.org/vuls/id/800113
BugTraq ID: 30131
http://www.securityfocus.com/bid/30131
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5725
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5761
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5917
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9627
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12117
http://www.vupen.com/english/advisories/2008/2019/references
http://www.vupen.com/english/advisories/2008/2023/references
http://www.vupen.com/english/advisories/2008/2025/references
http://www.vupen.com/english/advisories/2008/2029/references
http://www.vupen.com/english/advisories/2008/2030/references
http://www.vupen.com/english/advisories/2008/2113/references
http://www.vupen.com/english/advisories/2008/2114/references
http://www.vupen.com/english/advisories/2008/2123/references
http://www.vupen.com/english/advisories/2008/2139/references
http://www.vupen.com/english/advisories/2008/2166/references
http://www.vupen.com/english/advisories/2008/2195/references
http://www.vupen.com/english/advisories/2008/2196/references
http://www.vupen.com/english/advisories/2008/2197/references
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2291
http://www.vupen.com/english/advisories/2008/2342
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2467
http://www.vupen.com/english/advisories/2008/2558
http://www.vupen.com/english/advisories/2008/2584
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2582
http://www.vupen.com/english/advisories/2008/2549
http://www.vupen.com/english/advisories/2008/2050/references
http://www.vupen.com/english/advisories/2008/2051/references
http://www.vupen.com/english/advisories/2008/2052/references
http://www.vupen.com/english/advisories/2008/2055/references
http://www.vupen.com/english/advisories/2008/2092/references
http://www.vupen.com/english/advisories/2008/2384
http://www.vupen.com/english/advisories/2008/2482
http://www.vupen.com/english/advisories/2008/2334
http://www.vupen.com/english/advisories/2008/2377
http://www.vupen.com/english/advisories/2008/2383
http://www.vupen.com/english/advisories/2009/0297
http://www.vupen.com/english/advisories/2009/0311
http://www.securitytracker.com/id?1020438
http://www.securitytracker.com/id?1020440
http://www.securitytracker.com/id?1020437
http://www.securitytracker.com/id?1020558
http://www.securitytracker.com/id?1020560
http://www.securitytracker.com/id?1020561
http://www.securitytracker.com/id?1020575
http://www.securitytracker.com/id?1020576
http://www.securitytracker.com/id?1020577
http://www.securitytracker.com/id?1020578
http://www.securitytracker.com/id?1020579
http://www.securitytracker.com/id?1020802
http://www.securitytracker.com/id?1020651
http://www.securitytracker.com/id?1020653
http://www.securitytracker.com/id?1020448
http://www.securitytracker.com/id?1020449
http://www.securitytracker.com/id?1020548
http://www.securitytracker.com/id?1020702
http://www.securitytracker.com/id?1020804
http://secunia.com/advisories/31019
http://secunia.com/advisories/30925
http://secunia.com/advisories/30973
http://secunia.com/advisories/30977
http://secunia.com/advisories/30979
http://secunia.com/advisories/30980
http://secunia.com/advisories/30988
http://secunia.com/advisories/30989
http://secunia.com/advisories/30998
http://secunia.com/advisories/31011
http://secunia.com/advisories/31014
http://secunia.com/advisories/31031
http://secunia.com/advisories/31052
http://secunia.com/advisories/31033
http://secunia.com/advisories/31094
http://secunia.com/advisories/31072
http://secunia.com/advisories/31093
http://secunia.com/advisories/31143
http://secunia.com/advisories/31137
http://secunia.com/advisories/31151
http://secunia.com/advisories/31152
http://secunia.com/advisories/31153
http://secunia.com/advisories/31169
http://secunia.com/advisories/31209
http://secunia.com/advisories/31212
http://secunia.com/advisories/31199
http://secunia.com/advisories/31197
http://secunia.com/advisories/31213
http://secunia.com/advisories/31221
http://secunia.com/advisories/31207
http://secunia.com/advisories/31236
http://secunia.com/advisories/31254
http://secunia.com/advisories/31204
http://secunia.com/advisories/31326
http://secunia.com/advisories/31237
http://secunia.com/advisories/31354
http://secunia.com/advisories/31451
http://secunia.com/advisories/31588
http://secunia.com/advisories/31687
http://secunia.com/advisories/31900
http://secunia.com/advisories/31882
http://secunia.com/advisories/31823
http://secunia.com/advisories/31422
http://secunia.com/advisories/31012
http://secunia.com/advisories/31022
http://secunia.com/advisories/31030
http://secunia.com/advisories/31065
http://secunia.com/advisories/33178
http://secunia.com/advisories/31430
http://secunia.com/advisories/31482
http://secunia.com/advisories/31495
http://secunia.com/advisories/33714
http://secunia.com/advisories/33786
http://www.vupen.com/english/advisories/2010/0622
XForce ISS Database: win-dns-client-server-spoofing(43334)
http://xforce.iss.net/xforce/xfdb/43334
XForce ISS Database: cisco-multiple-dns-cache-poisoning(43637)
http://xforce.iss.net/xforce/xfdb/43637

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.