Test ID:
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2008:033 (bind)

The remote host is missing updates announced in
advisory SUSE-SA:2008:033.

The bind daemon is responsible for resolving hostnames into IP addresses and
vice versa.
The new version of bind uses a random transaction-ID (TRXID) and a random
UDP source-port for DNS queries to address DNS cache poisoning attacks
possible because of the birthday paradox and an attack discovered by Dan
Kaminsky. Unfortunately we do not have details about Kaminsky's attack and
have to trust the statement that a random UDP source-port is sufficient to
stop it.
DNS servers that do not support recursive queries or do not use a cache
(authoritative-only servers) are not vulnerable either.

Update packages of bind9 for SLES8 will be available soon.

The glibc stub resolver is known to be vulnerable too and we will publish
updates as soon as possible.

Note, a local attacker can always sniff DNS queries and generate spoofed
responses easily.

If you use the UDP source-port number of the DNS server in your firewall
configuration, for example to let DNS queries through your packet filter,
then you have to take steps to adapt your filter rules to the new behavior
of the DNS server.
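
A fixed source port usually survives the update when named.conf pins it with BIND's `query-source` option so that a packet filter can match on it. The following check is an added example, not part of the advisory or of the test: the function name `find_pinned_query_ports` and the sample configuration are constructed for illustration, and the comment stripping is a simplification that assumes no `#` or `//` inside quoted strings.

```python
import re

# Constructed sample named.conf, not taken from the advisory.
SAMPLE_NAMED_CONF = """
options {
    directory "/var/lib/named";
    // pinned so the packet filter could match on it
    query-source address * port 53;
    /* query-source-v6 address * port 5353; */
    query-source-v6 address * port *;   # wildcard port stays random
};
"""

# named.conf accepts C, C++ and shell style comments.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# One query-source / query-source-v6 statement up to its terminating ';'.
_QUERY_SOURCE = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")
_PORT = re.compile(r"\bport\s+(\S+)")


def find_pinned_query_ports(conf_text):
    """Return [(option, port)] for each query-source statement with a fixed port.

    A statement without a port clause, or with 'port *', leaves the source
    port to the resolver and is not reported.
    """
    stripped = _COMMENTS.sub(" ", conf_text)
    pinned = []
    for option, args in _QUERY_SOURCE.findall(stripped):
        match = _PORT.search(args)
        if match and match.group(1) != "*":
            pinned.append((option, int(match.group(1))))
    return pinned


if __name__ == "__main__":
    for option, port in find_pinned_query_ports(SAMPLE_NAMED_CONF):
        print(f"{option} pins outgoing queries to UDP port {port}")
```

Any statement it reports should be removed or changed to a wildcard port, and the filter rule that depended on it replaced with one that does not match on the resolver's source port.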

Update your system with the packages as indicated in
the referenced security advisory.

Risk factor : High

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-1447
BugTraq ID: 30131
Bugtraq: 20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability
Bugtraq: 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
Cert/CC Advisory: TA08-190A
Cert/CC Advisory: TA08-190B
Cert/CC Advisory: TA08-260A
CERT/CC vulnerability note: VU#800113
Cisco Security Advisory: 20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
Debian Security Information: DSA-1603
Debian Security Information: DSA-1604
Debian Security Information: DSA-1605
Debian Security Information: DSA-1619
Debian Security Information: DSA-1623
FreeBSD Security Advisory: FreeBSD-SA-08:06
HPdes Security Advisory: HPSBMP02404
HPdes Security Advisory: HPSBNS02405
HPdes Security Advisory: HPSBOV02357
HPdes Security Advisory: HPSBOV03226
HPdes Security Advisory: HPSBTU02358
HPdes Security Advisory: HPSBUX02351
HPdes Security Advisory: SSRT071449
HPdes Security Advisory: SSRT080058
HPdes Security Advisory: SSRT090014
HPdes Security Advisory: SSRT101004
Microsoft Security Bulletin: MS08-037
NETBSD Security Advisory: NetBSD-SA2008-009
OpenBSD Security Advisory: [4.2] 013: SECURITY FIX: July 23, 2008
OpenBSD Security Advisory: [4.3] 004: SECURITY FIX: July 23, 2008
RedHat Security Advisories: RHSA-2008:0533
SuSE Security Announcement: SUSE-SA:2008:033
SuSE Security Announcement: SUSE-SR:2008:017
XForce ISS Database: cisco-multiple-dns-cache-poisoning(43637)
XForce ISS Database: win-dns-client-server-spoofing(43334)
Copyright: Copyright (c) 2008 E-Soft Inc.