Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:
CVE Vulnerabilities
38426
Checklists
128
US-CERT Alerts
179
US-CERT Vuln Notes
2345
OVAL Queries
2517
CPE Names
17819

Last updated: Tue Aug 25 06:56:41 EDT 2009

CVE Publication rate: 17.23

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 9.82

About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

National Cyber-Alert System

Vulnerability Summary for CVE-2008-1447

Original release date:07/08/2008
Last revised:03/18/2009
Source: US-CERT/NIST

Overview

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:P/A:P) (legend)
Impact Subscore: 4.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type:Allows unauthorized modification; Allows disruption of service

Vendor Statments (disclaimer)

Official Statement from Red Hat (07/09/2008)
http://rhn.redhat.com/errata/RHSA-2008-0533.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA08-260A
Name: TA08-260A
Hyperlink:http://www.us-cert.gov/cas/techalerts/TA08-260A.html
US-CERT Technical Alert: TA08-190B
Name: TA08-190B
Hyperlink:http://www.us-cert.gov/cas/techalerts/TA08-190B.html
US-CERT Technical Alert: TA08-190A
Name: TA08-190A
Hyperlink:http://www.us-cert.gov/cas/techalerts/TA08-190A.html
US-CERT Vulnerability Note: VU#800113
Name: VU#800113
Hyperlink:http://www.kb.cert.org/vuls/id/800113
External Source: MS
Name: MS08-037
Type: Advisory; Patch Information
Hyperlink:http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
External Source: DEBIAN
Name: DSA-1603
Type: Patch Information
Hyperlink:http://www.debian.org/security/2008/dsa-1603
External Source: FEDORA
Name: FEDORA-2008-6281
Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html
External Source: FEDORA
Name: FEDORA-2008-6256
Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html
External Source: XF
Name: cisco-multiple-dns-cache-poisoning(43637)
Hyperlink:http://xforce.iss.net/xforce/xfdb/43637
External Source: XF
Name: win-dns-client-server-spoofing(43334)
Hyperlink:http://xforce.iss.net/xforce/xfdb/43334
External Source: CONFIRM
Name: http://www.vmware.com/security/advisories/VMSA-2008-0014.html
Hyperlink:http://www.vmware.com/security/advisories/VMSA-2008-0014.html
External Source: MISC
Name: http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
Hyperlink:http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
External Source: UBUNTU
Name: USN-622-1
Hyperlink:http://www.ubuntu.com/usn/usn-622-1
External Source: SECTRACK
Name: 1020804
Hyperlink:http://www.securitytracker.com/id?1020804
External Source: SECTRACK
Name: 1020802
Hyperlink:http://www.securitytracker.com/id?1020802
External Source: SECTRACK
Name: 1020702
Hyperlink:http://www.securitytracker.com/id?1020702
External Source: SECTRACK
Name: 1020653
Hyperlink:http://www.securitytracker.com/id?1020653
External Source: SECTRACK
Name: 1020651
Hyperlink:http://www.securitytracker.com/id?1020651
External Source: SECTRACK
Name: 1020579
Hyperlink:http://www.securitytracker.com/id?1020579
External Source: SECTRACK
Name: 1020578
Hyperlink:http://www.securitytracker.com/id?1020578
External Source: SECTRACK
Name: 1020577
Hyperlink:http://www.securitytracker.com/id?1020577
External Source: SECTRACK
Name: 1020576
Hyperlink:http://www.securitytracker.com/id?1020576
External Source: SECTRACK
Name: 1020575
Hyperlink:http://www.securitytracker.com/id?1020575
External Source: SECTRACK
Name: 1020561
Hyperlink:http://www.securitytracker.com/id?1020561
External Source: SECTRACK
Name: 1020560
Hyperlink:http://www.securitytracker.com/id?1020560
External Source: SECTRACK
Name: 1020558
Hyperlink:http://www.securitytracker.com/id?1020558
External Source: SECTRACK
Name: 1020548
Hyperlink:http://www.securitytracker.com/id?1020548
External Source: SECTRACK
Name: 1020449
Hyperlink:http://www.securitytracker.com/id?1020449
External Source: SECTRACK
Name: 1020448
Hyperlink:http://www.securitytracker.com/id?1020448
External Source: SECTRACK
Name: 1020440
Hyperlink:http://www.securitytracker.com/id?1020440
External Source: SECTRACK
Name: 1020438
Hyperlink:http://www.securitytracker.com/id?1020438
External Source: SECTRACK
Name: 1020437
Hyperlink:http://www.securitytracker.com/id?1020437
External Source: BID
Name: 30131
Hyperlink:http://www.securityfocus.com/bid/30131
External Source: BUGTRAQ
Name: 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded
External Source: BUGTRAQ
Name: 20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability
Hyperlink:http://www.securityfocus.com/archive/1/archive/1/495289/100/0/threaded
External Source: CONFIRM
Name: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
Hyperlink:http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
External Source: CONFIRM
Name: http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html
Hyperlink:http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html
External Source: REDHAT
Name: RHSA-2008:0789
Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0789.html
External Source: CONFIRM
Name: http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
Hyperlink:http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
External Source: CONFIRM
Name: http://www.phys.uu.nl/~rombouts/pdnsd.html
Hyperlink:http://www.phys.uu.nl/~rombouts/pdnsd.html
External Source: OPENBSD
Name: [4.3] 004: SECURITY FIX: July 23, 2008
Hyperlink:http://www.openbsd.org/errata43.html#004_bind
External Source: OPENBSD
Name: [4.2] 013: SECURITY FIX: July 23, 2008
Hyperlink:http://www.openbsd.org/errata42.html#013_bind
External Source: CONFIRM
Name: http://www.novell.com/support/viewContent.do?externalId=7000912
Hyperlink:http://www.novell.com/support/viewContent.do?externalId=7000912
External Source: MISC
Name: http://www.nominum.com/asset_upload_file741_2661.pdf
Hyperlink:http://www.nominum.com/asset_upload_file741_2661.pdf
External Source: MILW0RM
Name: 6130
Hyperlink:http://www.milw0rm.com/exploits/6130
External Source: MILW0RM
Name: 6123
Hyperlink:http://www.milw0rm.com/exploits/6123
External Source: MILW0RM
Name: 6122
Hyperlink:http://www.milw0rm.com/exploits/6122
External Source: MANDRIVA
Name: MDVSA-2008:139
Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:139
External Source: CONFIRM
Name: http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q
Hyperlink:http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q
External Source: CONFIRM
Name: http://www.kb.cert.org/vuls/id/MIMG-7DWR4J
Hyperlink:http://www.kb.cert.org/vuls/id/MIMG-7DWR4J
External Source: CONFIRM
Name: http://www.isc.org/index.pl?/sw/bind/bind-security.php
Hyperlink:http://www.isc.org/index.pl?/sw/bind/bind-security.php
External Source: CONFIRM
Name: http://www.ipcop.org/index.php?name=News&file=article&sid=40
Hyperlink:http://www.ipcop.org/index.php?name=News&file=article&sid=40
External Source: AIXAPAR
Name: IZ26672
Hyperlink:http://www.ibm.com/support/docview.wss?uid=isg1IZ26672
External Source: AIXAPAR
Name: IZ26671
Hyperlink:http://www.ibm.com/support/docview.wss?uid=isg1IZ26671
External Source: AIXAPAR
Name: IZ26670
Hyperlink:http://www.ibm.com/support/docview.wss?uid=isg1IZ26670
External Source: AIXAPAR
Name: IZ26669
Hyperlink:http://www.ibm.com/support/docview.wss?uid=isg1IZ26669
External Source: AIXAPAR
Name: IZ26668
Hyperlink:http://www.ibm.com/support/docview.wss?uid=isg1IZ26668
External Source: AIXAPAR
Name: IZ26667
Hyperlink:http://www.ibm.com/support/docview.wss?uid=isg1IZ26667
External Source: VUPEN
Name: ADV-2009-0311
Hyperlink:http://www.frsirt.com/english/advisories/2009/0311
External Source: VUPEN
Name: ADV-2009-0297
Hyperlink:http://www.frsirt.com/english/advisories/2009/0297
External Source: VUPEN
Name: ADV-2008-2584
Hyperlink:http://www.frsirt.com/english/advisories/2008/2584
External Source: VUPEN
Name: ADV-2008-2582
Hyperlink:http://www.frsirt.com/english/advisories/2008/2582
External Source: VUPEN
Name: ADV-2008-2558
Hyperlink:http://www.frsirt.com/english/advisories/2008/2558
External Source: VUPEN
Name: ADV-2008-2549
Hyperlink:http://www.frsirt.com/english/advisories/2008/2549
External Source: VUPEN
Name: ADV-2008-2525
Hyperlink:http://www.frsirt.com/english/advisories/2008/2525
External Source: VUPEN
Name: ADV-2008-2482
Hyperlink:http://www.frsirt.com/english/advisories/2008/2482
External Source: VUPEN
Name: ADV-2008-2467
Hyperlink:http://www.frsirt.com/english/advisories/2008/2467
External Source: VUPEN
Name: ADV-2008-2466
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2008/2466
External Source: VUPEN
Name: ADV-2008-2384
Hyperlink:http://www.frsirt.com/english/advisories/2008/2384
External Source: VUPEN
Name: ADV-2008-2383
Hyperlink:http://www.frsirt.com/english/advisories/2008/2383
External Source: VUPEN
Name: ADV-2008-2377
Hyperlink:http://www.frsirt.com/english/advisories/2008/2377
External Source: VUPEN
Name: ADV-2008-2342
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2008/2342
External Source: VUPEN
Name: ADV-2008-2334
Hyperlink:http://www.frsirt.com/english/advisories/2008/2334
External Source: VUPEN
Name: ADV-2008-2291
Hyperlink:http://www.frsirt.com/english/advisories/2008/2291
External Source: VUPEN
Name: ADV-2008-2268
Hyperlink:http://www.frsirt.com/english/advisories/2008/2268
External Source: VUPEN
Name: ADV-2008-2197
Hyperlink:http://www.frsirt.com/english/advisories/2008/2197/references
External Source: VUPEN
Name: ADV-2008-2196
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2008/2196/references
External Source: VUPEN
Name: ADV-2008-2195
Hyperlink:http://www.frsirt.com/english/advisories/2008/2195/references
External Source: VUPEN
Name: ADV-2008-2166
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2008/2166/references
External Source: VUPEN
Name: ADV-2008-2139
Hyperlink:http://www.frsirt.com/english/advisories/2008/2139/references
External Source: VUPEN
Name: ADV-2008-2123
Hyperlink:http://www.frsirt.com/english/advisories/2008/2123/references
External Source: VUPEN
Name: ADV-2008-2114
Hyperlink:http://www.frsirt.com/english/advisories/2008/2114/references
External Source: VUPEN
Name: ADV-2008-2113
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2008/2113/references
External Source: VUPEN
Name: ADV-2008-2092
Hyperlink:http://www.frsirt.com/english/advisories/2008/2092/references
External Source: VUPEN
Name: ADV-2008-2055
Hyperlink:http://www.frsirt.com/english/advisories/2008/2055/references
External Source: VUPEN
Name: ADV-2008-2052
Hyperlink:http://www.frsirt.com/english/advisories/2008/2052/references
External Source: VUPEN
Name: ADV-2008-2051
Hyperlink:http://www.frsirt.com/english/advisories/2008/2051/references
External Source: VUPEN
Name: ADV-2008-2050
Hyperlink:http://www.frsirt.com/english/advisories/2008/2050/references
External Source: VUPEN
Name: ADV-2008-2030
Hyperlink:http://www.frsirt.com/english/advisories/2008/2030/references
External Source: VUPEN
Name: ADV-2008-2029
Hyperlink:http://www.frsirt.com/english/advisories/2008/2029/references
External Source: VUPEN
Name: ADV-2008-2025
Hyperlink:http://www.frsirt.com/english/advisories/2008/2025/references
External Source: VUPEN
Name: ADV-2008-2023
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2008/2023/references
External Source: VUPEN
Name: ADV-2008-2019
Type: Advisory
Hyperlink:http://www.frsirt.com/english/advisories/2008/2019/references
External Source: MISC
Name: http://www.doxpara.com/DMK_BO2K8.ppt
Hyperlink:http://www.doxpara.com/DMK_BO2K8.ppt
External Source: MISC
Name: http://www.doxpara.com/?p=1176
Hyperlink:http://www.doxpara.com/?p=1176
External Source: DEBIAN
Name: DSA-1623
Hyperlink:http://www.debian.org/security/2008/dsa-1623
External Source: DEBIAN
Name: DSA-1619
Hyperlink:http://www.debian.org/security/2008/dsa-1619
External Source: DEBIAN
Name: DSA-1605
Hyperlink:http://www.debian.org/security/2008/dsa-1605
External Source: DEBIAN
Name: DSA-1604
Hyperlink:http://www.debian.org/security/2008/dsa-1604
External Source: CISCO
Name: 20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
Hyperlink:http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml
External Source: MISC
Name: http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
Hyperlink:http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
External Source: MISC
Name: http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
Hyperlink:http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
External Source: CONFIRM
Name: http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning
Hyperlink:http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning
External Source: CONFIRM
Name: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231
Hyperlink:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231
External Source: CONFIRM
Name: http://up2date.astaro.com/2008/08/up2date_7202_released.html
Hyperlink:http://up2date.astaro.com/2008/08/up2date_7202_released.html
External Source: CONFIRM
Name: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152
Hyperlink:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152
External Source: CONFIRM
Name: http://support.citrix.com/article/CTX118183
Hyperlink:http://support.citrix.com/article/CTX118183
External Source: CONFIRM
Name: http://support.citrix.com/article/CTX117991
Hyperlink:http://support.citrix.com/article/CTX117991
External Source: CONFIRM
Name: http://support.apple.com/kb/HT3129
Hyperlink:http://support.apple.com/kb/HT3129
External Source: CONFIRM
Name: http://support.apple.com/kb/HT3026
Hyperlink:http://support.apple.com/kb/HT3026
External Source: SUNALERT
Name: 240048
Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1
External Source: SUNALERT
Name: 239392
Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1
External Source: SLACKWARE
Name: SSA:2008-191
Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239
External Source: SLACKWARE
Name: SSA:2008-205-01
Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680
External Source: GENTOO
Name: GLSA-200812-17
Hyperlink:http://security.gentoo.org/glsa/glsa-200812-17.xml
External Source: GENTOO
Name: GLSA-200807-08
Hyperlink:http://security.gentoo.org/glsa/glsa-200807-08.xml
External Source: FREEBSD
Name: FreeBSD-SA-08:06
Hyperlink:http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc
External Source: SECUNIA
Name: 33786
Hyperlink:http://secunia.com/advisories/33786
External Source: SECUNIA
Name: 33714
Hyperlink:http://secunia.com/advisories/33714
External Source: SECUNIA
Name: 33178
Hyperlink:http://secunia.com/advisories/33178
External Source: SECUNIA
Name: 31900
Hyperlink:http://secunia.com/advisories/31900
External Source: SECUNIA
Name: 31882
Hyperlink:http://secunia.com/advisories/31882
External Source: SECUNIA
Name: 31823
Hyperlink:http://secunia.com/advisories/31823
External Source: SECUNIA
Name: 31687
Hyperlink:http://secunia.com/advisories/31687
External Source: SECUNIA
Name: 31588
Hyperlink:http://secunia.com/advisories/31588
External Source: SECUNIA
Name: 31495
Hyperlink:http://secunia.com/advisories/31495
External Source: SECUNIA
Name: 31482
Hyperlink:http://secunia.com/advisories/31482
External Source: SECUNIA
Name: 31451
Hyperlink:http://secunia.com/advisories/31451
External Source: SECUNIA
Name: 31430
Hyperlink:http://secunia.com/advisories/31430
External Source: SECUNIA
Name: 31422
Hyperlink:http://secunia.com/advisories/31422
External Source: SECUNIA
Name: 31354
Hyperlink:http://secunia.com/advisories/31354
External Source: SECUNIA
Name: 31326
Hyperlink:http://secunia.com/advisories/31326
External Source: SECUNIA
Name: 31254
Type: Advisory
Hyperlink:http://secunia.com/advisories/31254
External Source: SECUNIA
Name: 31237
Type: Advisory
Hyperlink:http://secunia.com/advisories/31237
External Source: SECUNIA
Name: 31236
Hyperlink:http://secunia.com/advisories/31236
External Source: SECUNIA
Name: 31221
Hyperlink:http://secunia.com/advisories/31221
External Source: SECUNIA
Name: 31213
Hyperlink:http://secunia.com/advisories/31213
External Source: SECUNIA
Name: 31212
Hyperlink:http://secunia.com/advisories/31212
External Source: SECUNIA
Name: 31209
Hyperlink:http://secunia.com/advisories/31209
External Source: SECUNIA
Name: 31207
Type: Advisory
Hyperlink:http://secunia.com/advisories/31207
External Source: SECUNIA
Name: 31204
Hyperlink:http://secunia.com/advisories/31204
External Source: SECUNIA
Name: 31199
Hyperlink:http://secunia.com/advisories/31199
External Source: SECUNIA
Name: 31197
Type: Advisory
Hyperlink:http://secunia.com/advisories/31197
External Source: SECUNIA
Name: 31169
Hyperlink:http://secunia.com/advisories/31169
External Source: SECUNIA
Name: 31153
Hyperlink:http://secunia.com/advisories/31153
External Source: SECUNIA
Name: 31152
Hyperlink:http://secunia.com/advisories/31152
External Source: SECUNIA
Name: 31151
Hyperlink:http://secunia.com/advisories/31151
External Source: SECUNIA
Name: 31143
Hyperlink:http://secunia.com/advisories/31143
External Source: SECUNIA
Name: 31137
Type: Advisory
Hyperlink:http://secunia.com/advisories/31137
External Source: SECUNIA
Name: 31094
Type: Advisory
Hyperlink:http://secunia.com/advisories/31094
External Source: SECUNIA
Name: 31093
Hyperlink:http://secunia.com/advisories/31093
External Source: SECUNIA
Name: 31072
Hyperlink:http://secunia.com/advisories/31072
External Source: SECUNIA
Name: 31065
Hyperlink:http://secunia.com/advisories/31065
External Source: SECUNIA
Name: 31052
Hyperlink:http://secunia.com/advisories/31052
External Source: SECUNIA
Name: 31033
Type: Advisory
Hyperlink:http://secunia.com/advisories/31033
External Source: SECUNIA
Name: 31031
Hyperlink:http://secunia.com/advisories/31031
External Source: SECUNIA
Name: 31030
Hyperlink:http://secunia.com/advisories/31030
External Source: SECUNIA
Name: 31022
Hyperlink:http://secunia.com/advisories/31022
External Source: SECUNIA
Name: 31019
Hyperlink:http://secunia.com/advisories/31019
External Source: SECUNIA
Name: 31014
Hyperlink:http://secunia.com/advisories/31014
External Source: SECUNIA
Name: 31012
Hyperlink:http://secunia.com/advisories/31012
External Source: SECUNIA
Name: 31011
Hyperlink:http://secunia.com/advisories/31011
External Source: SECUNIA
Name: 30998
Hyperlink:http://secunia.com/advisories/30998
External Source: SECUNIA
Name: 30989
Type: Advisory
Hyperlink:http://secunia.com/advisories/30989
External Source: SECUNIA
Name: 30988
Type: Advisory
Hyperlink:http://secunia.com/advisories/30988
External Source: SECUNIA
Name: 30980
Hyperlink:http://secunia.com/advisories/30980
External Source: SECUNIA
Name: 30979
Hyperlink:http://secunia.com/advisories/30979
External Source: SECUNIA
Name: 30977
Hyperlink:http://secunia.com/advisories/30977
External Source: SECUNIA
Name: 30973
Hyperlink:http://secunia.com/advisories/30973
External Source: SECUNIA
Name: 30925
Hyperlink:http://secunia.com/advisories/30925
External Source: REDHAT
Name: RHSA-2008:0533
Hyperlink:http://rhn.redhat.com/errata/RHSA-2008-0533.html
External Source: OVAL
Name: oval:org.mitre.oval:def:5761
Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5761
External Source: OVAL
Name: oval:org.mitre.oval:def:5725
Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5725
External Source: HP
Name: SSRT090014
Hyperlink:http://marc.info/?l=bugtraq&m=123324863916385&w=2
External Source: HP
Name: SSRT090014
Hyperlink:http://marc.info/?l=bugtraq&m=123324863916385&w=2
External Source: HP
Name: HPSBTU02358
Hyperlink:http://marc.info/?l=bugtraq&m=121866517322103&w=2
External Source: HP
Name: SSRT080058
Hyperlink:http://marc.info/?l=bugtraq&m=121630706004256&w=2
External Source: HP
Name: SSRT080058
Hyperlink:http://marc.info/?l=bugtraq&m=121630706004256&w=2
External Source: SUSE
Name: SUSE-SR:2008:017
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
External Source: SUSE
Name: SUSE-SA:2008:033
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html
External Source: FULLDISC
Name: 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
Hyperlink:http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
External Source: APPLE
Name: APPLE-SA-2008-09-15
Hyperlink:http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
External Source: APPLE
Name: APPLE-SA-2008-09-12
Hyperlink:http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
External Source: APPLE
Name: APPLE-SA-2008-09-09
Hyperlink:http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
External Source: APPLE
Name: APPLE-SA-2008-07-31
Hyperlink:http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
External Source: HP
Name: SSRT071449
Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368
External Source: HP
Name: SSRT071449
Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368
External Source: HP
Name: HPSBOV02357
Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520
External Source: CONFIRM
Name: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
Hyperlink:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
External Source: MISC
Name: http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html
Hyperlink:http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html
External Source: NETBSD
Name: NetBSD-SA2008-009
Hyperlink:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc

Vulnerable software and versions

Nav control imageConfiguration 1
spacerNav control imageAND
spacerspacerNav control imageOR
spacerspacerline trunkNav control imagecpe:/o:canonical:ubuntu:6.06::lts
spacerspacerline trunkNav control imagecpe:/o:canonical:ubuntu:7.04
spacerspacerline trunkNav control imagecpe:/o:canonical:ubuntu:7.10
spacerspacerline trunkNav control imagecpe:/o:canonical:ubuntu:8.04::lts
spacerspacerline trunkNav control imagecpe:/o:cisco:ios:12.0
spacerspacerline trunkNav control imagecpe:/o:debian:debian_linux:4.0
spacerspacerline trunkNav control imagecpe:/o:microsoft:windows:2003_server::x64
spacerspacerline trunkNav control imagecpe:/o:microsoft:windows:2003_server:sp1
spacerspacerline trunkNav control imagecpe:/o:microsoft:windows:2003_server:sp1_itanium
spacerspacerline trunkNav control imagecpe:/o:microsoft:windows:2003_server:sp2
spacerspacerline trunkNav control imagecpe:/o:microsoft:windows:2003_server:sp2_itanium
spacerspacerline trunkNav control imagecpe:/o:microsoft:windows:2003_server:sp2_x64
spacerspacerline trunkNav control imagecpe:/o:microsoft:windows:xp:sp3
spacerspacerline trunkNav control imagecpe:/o:microsoft:windows:xp_professional::x64
spacerspacerline trunkNav control imagecpe:/o:microsoft:windows:xp_professional:sp2_x64
spacerspacerline trunkNav control imagecpe:/o:microsoft:windows_2000::sp4
spacerspacerline trunkNav control imagecpe:/o:microsoft:windows_xp::sp2
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:2.1::as
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:2.1::es
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:2.1::ws
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:3::as
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:3::desktop
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:3::es
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:3::ws
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:4::as
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:4::desktop
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:4::es
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:4::ws
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:5.0
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:5::client
spacerspacerline trunkNav control imagecpe:/o:redhat:enterprise_linux:5::client_workstation
spacerspacerline trunkNav control imagecpe:/o:redhat:linux_advanced_workstation:2.1::itanium
spacerspacerNav control imageOR
spacerspacerspacerNav control image* cpe:/a:isc:bind:4
spacerspacerspacerNav control image* cpe:/a:isc:bind:8
spacerspacerspacerNav control image* cpe:/a:isc:bind:9.2.9
* Denotes Vulnerable Software
* Changes related to vulnerability configurations

Technical Details

Vulnerability Type (View All)
CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447