ID CVE-2008-1447
Summary The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations, allows remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Vulnerable Configurations
  • cpe:2.3:o:canonical:ubuntu:6.06:-:lts
  • cpe:2.3:o:canonical:ubuntu:7.04
  • cpe:2.3:o:canonical:ubuntu:7.10
  • cpe:2.3:o:canonical:ubuntu:8.04:-:lts
  • Cisco IOS 12.0
    cpe:2.3:o:cisco:ios:12.0
  • Debian GNU/Linux 4.0
    cpe:2.3:o:debian:debian_linux:4.0
  • cpe:2.3:o:microsoft:windows:2003_server:-:x64
  • cpe:2.3:o:microsoft:windows:2003_server:sp1
  • cpe:2.3:o:microsoft:windows:2003_server:sp1_itanium
  • cpe:2.3:o:microsoft:windows:2003_server:sp2
  • cpe:2.3:o:microsoft:windows:2003_server:sp2_itanium
  • cpe:2.3:o:microsoft:windows:2003_server:sp2_x64
  • cpe:2.3:o:microsoft:windows:xp:sp3
  • cpe:2.3:o:microsoft:windows:xp_professional:-:x64
  • cpe:2.3:o:microsoft:windows:xp_professional:sp2_x64
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Red Hat Enterprise Linux 2.1 Advanced Server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:as
  • Red Hat Enterprise Linux 2.1 Enterprise Server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:es
  • Red Hat Enterprise Linux 2.1 Workstation
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:ws
  • Red Hat Enterprise Linux Desktop (v.5 client)
    cpe:2.3:o:redhat:enterprise_linux:5:-:client
  • Red Hat Enterprise Linux Desktop Workstation (v.5 client)
    cpe:2.3:o:redhat:enterprise_linux:5:-:client_workstation
  • Red Hat Enterprise Linux 5.0
    cpe:2.3:o:redhat:enterprise_linux:5.0
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium
  • ISC BIND 4
    cpe:2.3:a:isc:bind:4
  • ISC BIND 8
    cpe:2.3:a:isc:bind:8
  • ISC BIND 9.2.9
    cpe:2.3:a:isc:bind:9.2.9
CVSS
Base: 5.0 (as of 08-11-2016 - 10:01)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity PARTIAL
  • Availability NONE
exploit-db via4
  • description BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c). CVE-2008-1447,CVE-2008-4194. Remote exploits for multiple platform
    file exploits/multiple/remote/6130.c
    id EDB-ID:6130
    last seen 2016-01-31
    modified 2008-07-25
    platform multiple
    port
    published 2008-07-25
    reporter Marc Bevand
    source https://www.exploit-db.com/download/6130/
    title BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit c
    type remote
  • description BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py). CVE-2008-1447,CVE-2008-4194. Remote exploits for multiple platform
    file exploits/multiple/remote/6123.py
    id EDB-ID:6123
    last seen 2016-02-01
    modified 2008-07-24
    platform multiple
    port
    published 2008-07-24
    reporter Julien Desfossez
    source https://www.exploit-db.com/download/6123/
    title BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit py
    type remote
  • description BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta). CVE-2008-1447,CVE-2008-4194. Remote exploits for multiple platform
    file exploits/multiple/remote/6122.rb
    id EDB-ID:6122
    last seen 2016-02-01
    modified 2008-07-23
    platform multiple
    port
    published 2008-07-23
    reporter I)ruid
    source https://www.exploit-db.com/download/6122/
    title BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit meta
    type remote
metasploit via4
  • description This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit replaces the target domain's nameserver entries in a vulnerable DNS cache server. This attack works by sending random hostname queries to the target DNS server coupled with spoofed replies to those queries from the authoritative nameservers for that domain. Eventually, a guessed ID will match, the spoofed packet will get accepted, and the nameserver entries for the target domain will be replaced by the server specified in the NEWDNS option of this exploit.
    id MSF:AUXILIARY/SPOOF/DNS/BAILIWICKED_DOMAIN
    last seen 2019-03-19
    modified 2017-07-24
    published 2008-10-27
    reliability Normal
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/spoof/dns/bailiwicked_domain.rb
    title DNS BailiWicked Domain Attack
  • description This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit caches a single malicious host entry into the target nameserver by sending random hostname queries to the target DNS server coupled with spoofed replies to those queries from the authoritative nameservers for that domain. Eventually, a guessed ID will match, the spoofed packet will get accepted, and due to the additional hostname entry being within bailiwick constraints of the original request the malicious host entry will get cached.
    id MSF:AUXILIARY/SPOOF/DNS/BAILIWICKED_HOST
    last seen 2019-03-25
    modified 2017-07-24
    published 2008-12-19
    reliability Normal
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/spoof/dns/bailiwicked_host.rb
    title DNS BailiWicked Host Attack
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_109326.NASL
    description SunOS 5.8: libresolv.so.2, in.named and BI. Date this patch was last updated by Sun : Mar/09/09
    last seen 2018-09-01
    modified 2016-12-12
    plugin id 13321
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13321
    title Solaris 8 (sparc) : 109326-24
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_112837.NASL
    description SunOS 5.9: in.dhcpd libresolv and BIND9 pa. Date this patch was last updated by Sun : Jul/21/11
    last seen 2018-09-02
    modified 2016-12-12
    plugin id 26165
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26165
    title Solaris 9 (sparc) : 112837-24
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200901-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-200901-03 (pdnsd: Denial of Service and cache poisoning) Two issues have been reported in pdnsd: The p_exec_query() function in src/dns_query.c does not properly handle many entries in the answer section of a DNS reply, related to a 'dangling pointer bug' (CVE-2008-4194). The default value for query_port_start was set to 0, disabling UDP source port randomization for outgoing queries (CVE-2008-1447). Impact : An attacker could exploit the second weakness to poison the cache of pdnsd and thus spoof DNS traffic, which could e.g. lead to the redirection of web or mail traffic to malicious sites. The first issue can be exploited by enticing pdnsd to send a query to a malicious DNS server, or using the port randomization weakness, and might lead to a Denial of Service. Workaround : Port randomization can be enabled by setting the 'query_port_start' option to 1024 which would resolve the CVE-2008-1447 issue.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 35347
    published 2009-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35347
    title GLSA-200901-03 : pdnsd: Denial of Service and cache poisoning
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1619.NASL
    description Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery. The Common Vulnerabilities and Exposures project identifies this class of weakness as CVE-2008-1447 and this specific instance in PyDNS as CVE-2008-4099.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33739
    published 2008-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33739
    title Debian DSA-1619-1 : python-dns - DNS response spoofing
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS08-037.NASL
    description Flaws in the remote DNS library may let an attacker send malicious DNS responses to DNS requests made by the remote host, thereby spoofing or redirecting internet traffic from legitimate locations.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 33441
    published 2008-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33441
    title MS08-037: Vulnerabilities in DNS Could Allow Spoofing (953230)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-334-01.NASL
    description New ruby packages are available for Slackware 11.0, 12.0, and 12.1 to fix bugs and a security issue.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 34972
    published 2008-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34972
    title Slackware 11.0 / 12.0 / 12.1 : ruby (SSA:2008-334-01)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114265.NASL
    description SunOS 5.9_x86: in.dhcpd libresolv and BIND. Date this patch was last updated by Sun : Jul/21/11
    last seen 2018-09-01
    modified 2016-12-12
    plugin id 27094
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27094
    title Solaris 9 (x86) : 114265-23
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-622-1.NASL
    description Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33464
    published 2008-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33464
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : bind9 vulnerability (USN-622-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-25.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-25 (VMware Player, Server, Workstation: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details. Impact : Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information. A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console. Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS). Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 62383
    published 2012-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62383
    title GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2008-0014.NASL
    description I Security Issues
      a. Setting ActiveX kill bit
      Starting from this release, VMware has set the kill bit on its ActiveX controls. Setting the kill bit ensures that ActiveX controls cannot run in Internet Explorer (IE), and avoids security issues involving ActiveX controls in IE. See the Microsoft KB article 240797 and the related references on this topic. Security vulnerabilities have been reported for ActiveX controls provided by VMware when run in IE. Under specific circumstances, exploitation of these ActiveX controls might result in denial-of-service or can allow running of arbitrary code when the user browses a malicious Web site or opens a malicious file in IE browser. An attempt to run unsafe ActiveX controls in IE might result in pop-up windows warning the user. Note: IE can be configured to run unsafe ActiveX controls without prompting. VMware recommends that you retain the default settings in IE, which prompts when unsafe actions are requested. Earlier, VMware had issued knowledge base articles, KB 5965318 and KB 9078920 on security issues with ActiveX controls. To avoid malicious scripts that exploit ActiveX controls, do not enable unsafe ActiveX objects in your browser settings. As a best practice, do not browse untrusted Web sites as an administrator and do not click OK or Yes if prompted by IE to allow certain actions. VMware would like to thank Julien Bachmann, Shennan Wang, Shinnai, and Michal Bucko for reporting these issues to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and CVE-2008-3696 to the security issues with VMware ActiveX controls.
      b. VMware ISAPI Extension Denial of Service
      The Internet Server Application Programming Interface (ISAPI) is an API that extends the functionality of Internet Information Server (IIS). VMware uses ISAPI extensions in its Server product. One of the ISAPI extensions provided by VMware is vulnerable to a remote denial of service. By sending a malformed request, IIS might shut down. IIS 6.0 restarts automatically. However, IIS 5.0 does not restart automatically when its Startup Type is set to Manual. VMware would like to thank the Juniper Networks J-Security Security Research Team for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3697 to this issue.
      c. OpenProcess Local Privilege Escalation on Host System
      This release fixes a privilege escalation vulnerability in host systems. Exploitation of this vulnerability allows users to run arbitrary code on the host system with elevated privileges. VMware would like to thank Sun Bing from McAfee, Inc. for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3698 to this issue.
      d. Update to Freetype
      FreeType 2.3.6 resolves an integer overflow vulnerability and other vulnerabilities that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted file. This release updates FreeType to 2.3.7. The Common Vulnerabilities and Exposures Project (cve.mitre.com) has assigned the names CVE-2008-1806, CVE-2008-1807, and CVE-2008-1808 to the issues resolved in Freetype 2.3.6.
      e. Update to Cairo
      Cairo 1.4.12 resolves an integer overflow vulnerability that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted PNG file. This release updates Cairo to 1.4.14. The Common Vulnerabilities and Exposures (cve.mitre.com) has assigned the name CVE-2007-5503 to this issue.
      f. VMware Consolidated Backup (VCB) command-line utilities may expose sensitive information
      VMware Consolidated Backup command-line utilities accept the user password through the -p command-line option. Users logged into the ESX service console or into the system that runs VCB could gain access to the username and password used by VCB command-line utilities when such commands are running. The ESX patch and the new version of VCB resolve this issue by providing an alternative way of passing the password used by VCB command-line utilities.
      VCB in ESX
      The following options are recommended for passing the password :
      1. The password is specified in /etc/backuptools.conf (PASSWORD=xxxxx), and -p is not used in the command line. /etc/backuptools.conf file permissions are read/write only for root.
      2. No password is specified in /etc/backuptools.conf and the -p option is not used in the command line. The user will be prompted to enter a password.
      ESX is not affected unless you use VCB.
      Stand-alone VCB
      The following options are recommended for passing the password :
      1. The password is specified in config.js (PASSWORD=xxxxx), and -p is not used in the command line. The file permissions on config.js are read/write only for the administrator. The config.js file is located in folder 'config' of the VCB installation folder. For example, C:\Program Files\Vmware\Vmware Consolidated Backup Framework\config.
      2. The password is specified in the registry, and is not specified in config.js, and -p is not used in the command line. Access to the registry key holding the password is allowed only to the administrator. The location of the registry key is :
         On Windows x86: HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Consolidated Backup\Password
         On Windows x64: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Consolidated Backup\Password
      3. The password is not specified in the registry, and is not specified in config.js, and -p is not used in the command line. The user will be prompted to enter a password.
      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2101 to this issue.
      g. Third-Party Library libpng Updated to 1.2.29
      Several flaws were discovered in the way third-party library libpng handled various PNG image chunks. An attacker could create a carefully crafted PNG image file in such a way that it causes an application linked with libpng to crash when the file is manipulated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5269 to this issue. NOTE: There are multiple patches required to remediate the issue.
      II ESX Service Console rpm updates
      a. update to bind
      This update upgrades the service console rpms for bind-utils and bind-lib to version 9.2.4-22.el3. Version 9.2.4.-22.el3 addresses the recently discovered vulnerability in the BIND software used for Domain Name resolution (DNS). VMware doesn't install all the BIND packages on ESX Server and is not vulnerable by default to the reported vulnerability. Of the BIND packages, VMware only ships bind-util and bind-lib in the service console and these components by themselves cannot be used to setup a DNS server. Bind-lib and bind-util are used in client DNS applications like nsupdate, nslookup, etc. VMware explicitly discourages installing applications like BIND on the service console. In case the customer has installed BIND, and the DNS server is configured to support recursive queries, their ESX Server system is affected and they should replace BIND with a patched version. Note: ESX Server will use the DNS server on the network it is on, so it is important to patch that DNS server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1447 to this issue.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40382
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40382
    title VMSA-2008-0014 : Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues.
  • NASL family DNS
    NASL id MS_DNS_KB951746.NASL
    description According to its self-reported version number, the Microsoft DNS Server running on the remote host contains issues in the DNS library that could allow an attacker to send malicious DNS responses to DNS requests made by the remote host thereby spoofing or redirecting internet traffic from legitimate locations.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 72834
    published 2014-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72834
    title MS08-037: Vulnerabilities in DNS Could Allow Spoofing (951746) (uncredentialed check)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200809-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-200809-02 (dnsmasq: Denial of Service and DNS spoofing) Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server (CVE-2008-1447). Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash (CVE-2008-3350). Impact : A remote attacker could send spoofed DNS response traffic to dnsmasq, possibly involving generating queries via multiple vectors, and spoof DNS replies, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Furthermore, an attacker could generate invalid DHCP traffic and cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 34091
    published 2008-09-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34091
    title GLSA-200809-02 : dnsmasq: Denial of Service and DNS spoofing
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1623.NASL
    description Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's dnsmasq packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult. This update also switches the random number generator to Dan Bernstein's SURF.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33772
    published 2008-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33772
    title Debian DSA-1623-1 : dnsmasq - DNS cache poisoning
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2009-0022.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-2957 Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. CVE-2009-2958 The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. - problems with strings when enabling tftp (CVE-2009-2957, CVE-2009-2957) - Resolves: rhbg#519021 - update to new upstream version - fixes for CVE-2008-1447/CERT VU#800113 - Resolves: rhbz#454869
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79464
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79464
    title OracleVM 2.1 : dnsmasq (OVMSA-2009-0022)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6281.NASL
    description 9.5.0-P1 release which contains fix for CVE-2008-1447. This update also fixes parsing of inner ACLs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-12
    plugin id 33470
    published 2008-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33470
    title Fedora 8 : bind-9.5.0-28.P1.fc8 (2008-6281)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200812-17.NASL
    description The remote host is affected by the vulnerability described in GLSA-200812-17 (Ruby: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Ruby interpreter and its standard libraries. Drew Yao of Apple Product Security discovered the following flaws: Arbitrary code execution or Denial of Service (memory corruption) in the rb_str_buf_append() function (CVE-2008-2662). Arbitrary code execution or Denial of Service (memory corruption) in the rb_ary_stor() function (CVE-2008-2663). Memory corruption via alloca in the rb_str_format() function (CVE-2008-2664). Memory corruption ('REALLOC_N') in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2725). Memory corruption ('beg + rlen') in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2726). Furthermore, several other vulnerabilities have been reported: Tanaka Akira reported an issue with resolv.rb that enables attackers to spoof DNS responses (CVE-2008-1447). Akira Tagoh of RedHat discovered a Denial of Service (crash) issue in the rb_ary_fill() function in array.c (CVE-2008-2376). Several safe level bypass vulnerabilities were discovered and reported by Keita Yamaguchi (CVE-2008-3655). Christian Neukirchen is credited for discovering a Denial of Service (CPU consumption) attack in the WEBRick HTTP server (CVE-2008-3656). A fault in the dl module allowed the circumvention of taintness checks which could possibly lead to insecure code execution was reported by 'sheepman' (CVE-2008-3657). Tanaka Akira again found a DNS spoofing vulnerability caused by the resolv.rb implementation using poor randomness (CVE-2008-3905). Luka Treiber and Mitja Kolsek (ACROS Security) disclosed a Denial of Service (CPU consumption) vulnerability in the REXML module when dealing with recursive entity expansion (CVE-2008-3790). 
      Impact : These vulnerabilities allow remote attackers to execute arbitrary code, spoof DNS responses, bypass Ruby's built-in security and taintness checks, and cause a Denial of Service via crash or CPU exhaustion. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 35188
    published 2008-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35188
    title GLSA-200812-17 : Ruby: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-139.NASL
    description A weakness was found in the DNS protocol by Dan Kaminsky. A remote attacker could exploit this weakness to spoof DNS entries and poison DNS caches. This could be used to misdirect users and services; i.e. for web and email traffic (CVE-2008-1447). This update provides the latest stable BIND releases for all platforms except Corporate Server/Desktop 3.0 and MNF2, which have been patched to correct the issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36526
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36526
    title Mandriva Linux Security Advisory : bind (MDVSA-2008:139)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1604.NASL
    description Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
    last seen 2017-10-29
    modified 2013-06-03
    plugin id 33451
    published 2008-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33451
    title Debian DSA-1604-1 : bind - DNS cache poisoning
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-006.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-006 applied. This update contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 34210
    published 2008-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34210
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-006)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_5_5.NASL
    description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.5. Mac OS X 10.5.5 contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 34211
    published 2008-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34211
    title Mac OS X 10.5.x < 10.5.5 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12197.NASL
    description The transaction id and the udp source port used for DNS queries by the bind nameserver were predictable. Attackers could potentially exploit that weakness to manipulate the DNS cache ('DNS cache poisoning', CVE-2008-1447). Additionally the root.hint zone file was updated to contain the new IP number of the 'L' root DNS server.
    last seen 2019-02-21
    modified 2016-05-24
    plugin id 41221
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41221
    title SuSE9 Security Update : bind (YOU Patch Number 12197)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_DNSMASQ-5512.NASL
    description This update of dnsmasq uses random UDP source ports and a random TRXID now. (CVE-2008-1447)
    last seen 2019-02-21
    modified 2016-08-16
    plugin id 33895
    published 2008-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33895
    title openSUSE 10 Security Update : dnsmasq (dnsmasq-5512)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-205-01.NASL
    description New dnsmasq packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to address possible DNS cache poisoning issues.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 33565
    published 2008-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33565
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : dnsmasq (SSA:2008-205-01)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1603.NASL
    description Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's BIND 9 packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult. Note that this security update changes BIND network behavior in a fundamental way, and the following steps are recommended to ensure a smooth upgrade.
      1. Make sure that your network configuration is compatible with source port randomization. If you guard your resolver with a stateless packet filter, you may need to make sure that no non-DNS services listen on the 1024-65535 UDP port range and open it at the packet filter. For instance, packet filters based on etch's Linux 2.6.18 kernel only support stateless filtering of IPv6 packets, and therefore pose this additional difficulty. (If you use IPv4 with iptables and ESTABLISHED rules, networking changes are likely not required.)
      2. Install the BIND 9 upgrade, using 'apt-get update' followed by 'apt-get install bind9'. Verify that the named process has been restarted and answers recursive queries. (If all queries result in timeouts, this indicates that networking changes are necessary; see the first step.)
      3. Verify that source port randomization is active. Check that the /var/log/daemon.log file does not contain messages of the following form:
           named[6106]: /etc/bind/named.conf.options:28: using specific query-source port suppresses port randomization and can be insecure.
         right after the 'listening on IPv6 interface' and 'listening on IPv4 interface' messages logged by BIND upon startup. If these messages are present, you should remove the indicated lines from the configuration, or replace the port numbers contained within them with '*' sign (e.g., replace 'port 53' with 'port *'). For additional certainty, use tcpdump or some other network monitoring tool to check for varying UDP source ports. If there is a NAT device in front of your resolver, make sure that it does not defeat the effect of source port randomization.
      4. If you cannot activate source port randomization, consider configuring BIND 9 to forward queries to a resolver which can, possibly over a VPN such as OpenVPN to create the necessary trusted network link. (Use BIND's forward-only mode in this case.)
      Other caching resolvers distributed by Debian (PowerDNS, MaraDNS, Unbound) already employ source port randomization, and no updated packages are needed. BIND 9.5 up to and including version 1:9.5.0.dfsg-4 only implements a weak form of source port randomization and needs to be updated as well. For information on BIND 8, see DSA-1604-1, and for the status of the libc stub resolver, see DSA-1605-1. The updated bind9 packages contain changes originally scheduled for the next stable point release, including the changed IP address of L.ROOT-SERVERS.NET (Debian bug # 449148).
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 33450
    published 2008-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33450
    title Debian DSA-1603-1 : bind9 - DNS cache poisoning
  • NASL family DNS
    NASL id DNS_NON_RANDOM_SOURCE_PORTS.NASL
    description The remote DNS resolver does not use random ports when making queries to third-party DNS servers. An unauthenticated, remote attacker can exploit this to poison the remote DNS server, allowing the attacker to divert legitimate traffic to arbitrary sites.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 33447
    published 2008-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33447
    title Multiple Vendor DNS Query ID Field Prediction Cache Poisoning
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0066.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99569
    published 2017-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99569
    title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_109327.NASL
    description SunOS 5.8_x86: libresolv.so.2, in.named an. Date this patch was last updated by Sun : Mar/09/09
    last seen 2018-09-02
    modified 2016-12-12
    plugin id 13429
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13429
    title Solaris 8 (x86) : 109327-24
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL8938.NASL
    description The remote BIG-IP device is missing a patch required by a security advisory.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 78224
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78224
    title F5 Networks BIG-IP : BIND DNS cache poisoning vulnerability (SOL8938)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_36973.NASL
    description s700_800 11.23 Bind 9.2.0 components : A potential vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26139
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26139
    title HP-UX PHNE_36973 : HP-UX Running BIND, Remote DNS Cache Poisoning (HPSBUX02251 SSRT071449 rev.3)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-005.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-005 applied. This update contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 33790
    published 2008-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33790
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-005)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_BIND-5409.NASL
    description The transaction id and the udp source port used for DNS queries by the bind nameserver were predictable. Attackers could potentially exploit that weakness to manipulate the DNS cache ('DNS cache poisoning', CVE-2008-1447).
    last seen 2019-02-21
    modified 2016-08-16
    plugin id 33500
    published 2008-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33500
    title SuSE 10 Security Update : bind (ZYPP Patch Number 5409)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-1069.NASL
    description Update to newer upstream version - 2.45. Version of dnsmasq previously shipped in Fedora 9 did not properly drop privileges, causing it to run as root instead of intended user nobody. Issue was caused by a bug in kernel-headers used in build environment of the original packages. (#454415) New upstream version also adds DNS query source port randomization, mitigating DNS spoofing attacks. (CVE-2008-1447) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 35693
    published 2009-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35693
    title Fedora 9 : dnsmasq-2.45-1.fc9 (2009-1069)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1617.NASL
    description In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy. This update to the refpolicy packages grants the ability to bind to arbitrary UDP ports to named_t processes. When installed, the updated packages will attempt to update the bind policy module on systems where it had been previously loaded and where the previous version of refpolicy was 0.0.20061018-5 or below. Because the Debian refpolicy packages are not yet designed with policy module upgradeability in mind, and because SELinux-enabled Debian systems often have some degree of site-specific policy customization, it is difficult to assure that the new bind policy can be successfully upgraded. To this end, the package upgrade will not abort if the bind policy update fails. The new policy module can be found at /usr/share/selinux/refpolicy-targeted/bind.pp after installation. Administrators wishing to use the bind service policy can reconcile any policy incompatibilities and install the upgrade manually thereafter. A more detailed discussion of the corrective procedure may be found on https://wiki.debian.org/SELinux/Issues/BindPortRandomization.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33737
    published 2008-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33737
    title Debian DSA-1617-1 : refpolicy - incompatible policy
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_37865.NASL
    description s700_800 11.23 Bind 9.2.0 components : A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 33864
    published 2008-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33864
    title HP-UX PHNE_37865 : HP-UX Running BIND, Remote DNS Cache Poisoning (HPSBUX02351 SSRT080058 rev.6)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0789.NASL
    description From Red Hat Security Advisory 2008:0789 : An updated dnsmasq package that implements UDP source-port randomization is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Dnsmasq is a lightweight DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. The dnsmasq DNS resolver used a fixed source UDP port. This could have made DNS spoofing attacks easier. dnsmasq has been updated to use random UDP source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447) All dnsmasq users are advised to upgrade to this updated package, that upgrades dnsmasq to version 2.45, which resolves this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67735
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67735
    title Oracle Linux 5 : dnsmasq (ELSA-2008-0789)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-627-1.NASL
    description Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 33560
    published 2008-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33560
    title Ubuntu 8.04 LTS : dnsmasq vulnerability (USN-627-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080811_DNSMASQ_ON_SL5_X.NASL
    description The dnsmasq DNS resolver used a fixed source UDP port. This could have made DNS spoofing attacks easier. dnsmasq has been updated to use random UDP source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60462
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60462
    title Scientific Linux Security Update : dnsmasq on SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0789.NASL
    description An updated dnsmasq package that implements UDP source-port randomization is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Dnsmasq is a lightweight DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. The dnsmasq DNS resolver used a fixed source UDP port. This could have made DNS spoofing attacks easier. dnsmasq has been updated to use random UDP source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447) All dnsmasq users are advised to upgrade to this updated package, that upgrades dnsmasq to version 2.45, which resolves this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 33865
    published 2008-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33865
    title RHEL 5 : dnsmasq (RHSA-2008:0789)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080711_BIND_ON_SL_3_0_X.NASL
    description The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks. Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. (CVE-2008-1447) Note: This errata also updates SELinux policy to allow BIND to use random UDP source ports.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60437
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60437
    title Scientific Linux Security Update : bind on SL 3.0.x , SL 4.x, SL 5.x
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_BIND-080708.NASL
    description The transaction id and the UDP source port used for DNS queries by the bind nameserver were predictable. Attackers could potentially exploit that weakness to manipulate the DNS cache ('DNS cache poisoning', CVE-2008-1447).
    last seen 2019-02-21
    modified 2015-05-29
    plugin id 39920
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39920
    title openSUSE Security Update : bind (bind-82)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200807-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200807-08 (BIND: Cache poisoning) Dan Kaminsky of IOActive has reported a weakness in the DNS protocol related to insufficient randomness of DNS transaction IDs and query source ports. Impact : An attacker could exploit this weakness to poison the cache of a recursive resolver and thus spoof DNS traffic, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 33494
    published 2008-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33494
    title GLSA-200807-08 : BIND: Cache poisoning
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_959D384D6B5911DD9D79001FC61C2A55.NASL
    description The official ruby site reports : resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33905
    published 2008-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33905
    title FreeBSD : ruby -- DNS spoofing vulnerability (959d384d-6b59-11dd-9d79-001fc61c2a55)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-191-02.NASL
    description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to address a security problem.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 54869
    published 2011-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54869
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2008-191-02)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1605.NASL
    description Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS spoofing and cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
    last seen 2017-10-29
    modified 2012-12-28
    plugin id 33452
    published 2008-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33452
    title Debian DSA-1605-1 : glibc - DNS cache poisoning
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-8738.NASL
    description Update to new upstream release fixing multiple security issues detailed in the upstream advisories: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ - CVE-2008-3655 - multiple insufficient safe mode restrictions - CVE-2008-3656 - WEBrick DoS vulnerability (CPU consumption) - CVE-2008-3657 - missing 'taintness' checks in dl module - CVE-2008-3905 - resolv.rb adds random transactions ids and source ports to prevent DNS spoofing attacks http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ - CVE-2008-3790 - DoS in the REXML module One issue not covered by any upstream advisory: - CVE-2008-3443 - DoS in the regular expression engine Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 34380
    published 2008-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34380
    title Fedora 9 : ruby-1.8.6.287-2.fc9 (2008-8738)
  • NASL family CISCO
    NASL id CISCO-SA-20080708-DNSHTTP.NASL
    description Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected. Cisco has released free software updates that address these vulnerabilities.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 49017
    published 2010-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49017
    title Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0533.NASL
    description Updated bind packages that help mitigate DNS spoofing attacks are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 10th July 2008] We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks. Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. (CVE-2008-1447) Note: This errata also updates SELinux policy on Red Hat Enterprise Linux 4 and 5 to allow BIND to use random UDP source ports. Users of BIND are advised to upgrade to these updated packages, which contain a backported patch to add this functionality. Red Hat would like to thank Dan Kaminsky for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 33462
    published 2008-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33462
    title RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2008:0533)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_DNSMASQ-080813.NASL
    description This update of dnsmasq uses random UDP source ports and a random TRXID now. (CVE-2008-1447)
    last seen 2019-02-21
    modified 2015-05-29
    plugin id 39951
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39951
    title openSUSE Security Update : dnsmasq (dnsmasq-147)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0533.NASL
    description Updated bind packages that help mitigate DNS spoofing attacks are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 10th July 2008] We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks. Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. (CVE-2008-1447) Note: This errata also updates SELinux policy on Red Hat Enterprise Linux 4 and 5 to allow BIND to use random UDP source ports. Users of BIND are advised to upgrade to these updated packages, which contain a backported patch to add this functionality. Red Hat would like to thank Dan Kaminsky for reporting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 33448
    published 2008-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33448
    title CentOS 3 / 4 / 5 : bind / selinux-policy (CESA-2008:0533)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-6256.NASL
    description 9.5.0-P1 release which contains fix for CVE-2008-1447. This update also fixes typo in bind-sdb summary and fixes parsing of inner ACLs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-22
    plugin id 33468
    published 2008-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33468
    title Fedora 9 : bind-9.5.0-33.P1.fc9 (2008-6256)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_BIND-5410.NASL
    description The transaction id and the UDP source port used for DNS queries by the bind nameserver were predictable. Attackers could potentially exploit that weakness to manipulate the DNS cache ('DNS cache poisoning', CVE-2008-1447).
    last seen 2019-02-21
    modified 2016-08-16
    plugin id 33501
    published 2008-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33501
    title openSUSE 10 Security Update : bind (bind-5410)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0533.NASL
    description From Red Hat Security Advisory 2008:0533 : Updated bind packages that help mitigate DNS spoofing attacks are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 10th July 2008] We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks. Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. (CVE-2008-1447) Note: This errata also updates SELinux policy on Red Hat Enterprise Linux 4 and 5 to allow BIND to use random UDP source ports. Users of BIND are advised to upgrade to these updated packages, which contain a backported patch to add this functionality. Red Hat would like to thank Dan Kaminsky for reporting this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67709
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67709
    title Oracle Linux 3 / 4 / 5 : bind (ELSA-2008-0533)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-651-1.NASL
    description Akira Tagoh discovered a vulnerability in Ruby which led to an integer overflow. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2376) Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443) Keita Yamaguchi discovered several safe level vulnerabilities in Ruby. An attacker could use this to bypass intended access restrictions. (CVE-2008-3655) Keita Yamaguchi discovered that WEBrick in Ruby did not properly validate paths ending with '.'. A remote attacker could send a crafted HTTP request and cause a denial of service. (CVE-2008-3656) Keita Yamaguchi discovered that the dl module in Ruby did not check the taintness of inputs. An attacker could exploit this vulnerability to bypass safe levels and execute dangerous functions. (CVE-2008-3657) Luka Treiber and Mitja Kolsek discovered that REXML in Ruby did not always use expansion limits when processing XML documents. If a user or automated system were tricked into opening a crafted XML file, an attacker could cause a denial of service via CPU consumption. (CVE-2008-3790) Jan Lieskovsky discovered several flaws in the name resolver of Ruby. A remote attacker could exploit this to spoof DNS entries, which could lead to misdirected traffic. This is a different vulnerability from CVE-2008-1447. (CVE-2008-3905). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 37068
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37068
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ruby1.8 vulnerabilities (USN-651-1)
oval via4
  • accepted 2015-04-20T04:00:16.171-04:00
    class vulnerability
    contributors
    • name K, Balamurugan
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
    family unix
    id oval:org.mitre.oval:def:12117
    status accepted
    submitted 2011-02-01T11:17:11.000-05:00
    title HP-UX Running BIND, Remote DNS Cache Poisoning
    version 46
  • accepted 2011-11-14T04:00:45.190-05:00
    class vulnerability
    contributors
    • name Jeff Ito
      organization Secure Elements, Inc.
    • name Chandan S
      organization SecPod Technologies
    definition_extensions
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
      oval oval:org.mitre.oval:def:720
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP1 (x86) is installed
      oval oval:org.mitre.oval:def:565
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
      oval oval:org.mitre.oval:def:1205
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    description The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
    family windows
    id oval:org.mitre.oval:def:5725
    status accepted
    submitted 2008-07-08T14:18:00
    title DNS Insufficient Socket Entropy Vulnerability
    version 68
  • accepted 2015-04-20T04:02:27.378-04:00
    class vulnerability
    contributors
    • name Michael Wood
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
    family unix
    id oval:org.mitre.oval:def:5761
    status accepted
    submitted 2008-08-06T17:38:46.000-04:00
    title HP-UX Running BIND, Remote DNS Cache Poisoning
    version 43
  • accepted 2009-10-05T04:00:05.186-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    definition_extensions
    • comment Solaris 8 (SPARC) is installed
      oval oval:org.mitre.oval:def:1539
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 8 (x86) is installed
      oval oval:org.mitre.oval:def:2059
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
    family unix
    id oval:org.mitre.oval:def:5917
    status accepted
    submitted 2009-08-25T16:38:09.000-04:00
    title Security Vulnerability in the DNS Protocol May Lead to DNS Cache Poisoning
    version 30
  • accepted 2013-04-29T04:20:49.236-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
    family unix
    id oval:org.mitre.oval:def:9627
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
    version 25
packetstorm via4
redhat via4
advisories
  • bugzilla
    id 454852
    title Default caching-nameserver configuration blocks fixes for CVE-2008-1447 (rhel-5)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • OR
        • AND
          • comment bind is earlier than 20:9.2.4-22.el3
            oval oval:com.redhat.rhsa:tst:20080533002
          • comment bind is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044003
        • AND
          • comment bind-chroot is earlier than 20:9.2.4-22.el3
            oval oval:com.redhat.rhsa:tst:20080533010
          • comment bind-chroot is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044009
        • AND
          • comment bind-devel is earlier than 20:9.2.4-22.el3
            oval oval:com.redhat.rhsa:tst:20080533004
          • comment bind-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044005
        • AND
          • comment bind-libs is earlier than 20:9.2.4-22.el3
            oval oval:com.redhat.rhsa:tst:20080533006
          • comment bind-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044007
        • AND
          • comment bind-utils is earlier than 20:9.2.4-22.el3
            oval oval:com.redhat.rhsa:tst:20080533008
          • comment bind-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044011
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment bind is earlier than 20:9.2.4-28.0.1.el4
            oval oval:com.redhat.rhsa:tst:20080533013
          • comment bind is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044003
        • AND
          • comment bind-chroot is earlier than 20:9.2.4-28.0.1.el4
            oval oval:com.redhat.rhsa:tst:20080533014
          • comment bind-chroot is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044009
        • AND
          • comment bind-devel is earlier than 20:9.2.4-28.0.1.el4
            oval oval:com.redhat.rhsa:tst:20080533015
          • comment bind-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044005
        • AND
          • comment bind-libs is earlier than 20:9.2.4-28.0.1.el4
            oval oval:com.redhat.rhsa:tst:20080533017
          • comment bind-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044007
        • AND
          • comment bind-utils is earlier than 20:9.2.4-28.0.1.el4
            oval oval:com.redhat.rhsa:tst:20080533016
          • comment bind-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044011
        • AND
          • comment selinux-policy-targeted is earlier than 0:1.17.30-2.150.el4
            oval oval:com.redhat.rhsa:tst:20080533018
          • comment selinux-policy-targeted is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20080533019
        • AND
          • comment selinux-policy-targeted-sources is earlier than 0:1.17.30-2.150.el4
            oval oval:com.redhat.rhsa:tst:20080533020
          • comment selinux-policy-targeted-sources is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20080533021
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment selinux-policy is earlier than 0:2.4.6-137.1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533023
          • comment selinux-policy is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080533024
        • AND
          • comment selinux-policy-devel is earlier than 0:2.4.6-137.1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533025
          • comment selinux-policy-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080533026
        • AND
          • comment selinux-policy-mls is earlier than 0:2.4.6-137.1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533029
          • comment selinux-policy-mls is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080533030
        • AND
          • comment selinux-policy-strict is earlier than 0:2.4.6-137.1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533031
          • comment selinux-policy-strict is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080533032
        • AND
          • comment selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533027
          • comment selinux-policy-targeted is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080533028
        • AND
          • comment bind is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533033
          • comment bind is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057003
        • AND
          • comment bind-chroot is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533039
          • comment bind-chroot is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057005
        • AND
          • comment bind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533041
          • comment bind-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057007
        • AND
          • comment bind-libbind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533047
          • comment bind-libbind-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057015
        • AND
          • comment bind-libs is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533037
          • comment bind-libs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057017
        • AND
          • comment bind-sdb is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533045
          • comment bind-sdb is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057009
        • AND
          • comment bind-utils is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533043
          • comment bind-utils is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057011
        • AND
          • comment caching-nameserver is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533035
          • comment caching-nameserver is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057013
    rhsa
    id RHSA-2008:0533
    released 2008-07-08
    severity Important
    title RHSA-2008:0533: bind security update (Important)
  • bugzilla
    id 449345
    title CVE-2008-1447 bind: implement source UDP port randomization (CERT VU#800113)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment dnsmasq is earlier than 0:2.45-1.el5_2.1
      oval oval:com.redhat.rhsa:tst:20080789002
    • comment dnsmasq is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20080789003
    rhsa
    id RHSA-2008:0789
    released 2008-08-11
    severity Moderate
    title RHSA-2008:0789: dnsmasq security update (Moderate)
rpms
  • bind-20:9.2.4-22.el3
  • bind-chroot-20:9.2.4-22.el3
  • bind-devel-20:9.2.4-22.el3
  • bind-libs-20:9.2.4-22.el3
  • bind-utils-20:9.2.4-22.el3
  • bind-20:9.2.4-28.0.1.el4
  • bind-chroot-20:9.2.4-28.0.1.el4
  • bind-devel-20:9.2.4-28.0.1.el4
  • bind-libs-20:9.2.4-28.0.1.el4
  • bind-utils-20:9.2.4-28.0.1.el4
  • selinux-policy-targeted-0:1.17.30-2.150.el4
  • selinux-policy-targeted-sources-0:1.17.30-2.150.el4
  • selinux-policy-0:2.4.6-137.1.el5_2
  • selinux-policy-devel-0:2.4.6-137.1.el5_2
  • selinux-policy-mls-0:2.4.6-137.1.el5_2
  • selinux-policy-strict-0:2.4.6-137.1.el5_2
  • selinux-policy-targeted-0:2.4.6-137.1.el5_2
  • bind-30:9.3.4-6.0.2.P1.el5_2
  • bind-chroot-30:9.3.4-6.0.2.P1.el5_2
  • bind-devel-30:9.3.4-6.0.2.P1.el5_2
  • bind-libbind-devel-30:9.3.4-6.0.2.P1.el5_2
  • bind-libs-30:9.3.4-6.0.2.P1.el5_2
  • bind-sdb-30:9.3.4-6.0.2.P1.el5_2
  • bind-utils-30:9.3.4-6.0.2.P1.el5_2
  • caching-nameserver-30:9.3.4-6.0.2.P1.el5_2
  • dnsmasq-0:2.45-1.el5_2.1
refmap via4
aixapar
  • IZ26667
  • IZ26668
  • IZ26669
  • IZ26670
  • IZ26671
  • IZ26672
apple
  • APPLE-SA-2008-07-31
  • APPLE-SA-2008-09-09
  • APPLE-SA-2008-09-12
  • APPLE-SA-2008-09-15
bid 30131
bugtraq
  • 20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability
  • 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
cert
  • TA08-190A
  • TA08-190B
  • TA08-260A
cert-vn VU#800113
cisco 20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
confirm
debian
  • DSA-1603
  • DSA-1604
  • DSA-1605
  • DSA-1619
  • DSA-1623
exploit-db
  • 6122
  • 6123
  • 6130
fedora
  • FEDORA-2008-6256
  • FEDORA-2008-6281
freebsd FreeBSD-SA-08:06
fulldisc 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
gentoo
  • GLSA-200807-08
  • GLSA-200812-17
  • GLSA-201209-25
hp
  • HPSBMP02404
  • HPSBNS02405
  • HPSBOV02357
  • HPSBOV03226
  • HPSBTU02358
  • HPSBUX02351
  • SSRT071449
  • SSRT080058
  • SSRT090014
  • SSRT101004
mandriva MDVSA-2008:139
misc
ms MS08-037
netbsd NetBSD-SA2008-009
openbsd
  • [4.2] 013: SECURITY FIX: July 23, 2008
  • [4.3] 004: SECURITY FIX: July 23, 2008
sectrack
  • 1020437
  • 1020438
  • 1020440
  • 1020448
  • 1020449
  • 1020548
  • 1020558
  • 1020560
  • 1020561
  • 1020575
  • 1020576
  • 1020577
  • 1020578
  • 1020579
  • 1020651
  • 1020653
  • 1020702
  • 1020802
  • 1020804
secunia
  • 30925
  • 30973
  • 30977
  • 30979
  • 30980
  • 30988
  • 30989
  • 30998
  • 31011
  • 31012
  • 31014
  • 31019
  • 31022
  • 31030
  • 31031
  • 31033
  • 31052
  • 31065
  • 31072
  • 31093
  • 31094
  • 31137
  • 31143
  • 31151
  • 31152
  • 31153
  • 31169
  • 31197
  • 31199
  • 31204
  • 31207
  • 31209
  • 31212
  • 31213
  • 31221
  • 31236
  • 31237
  • 31254
  • 31326
  • 31354
  • 31422
  • 31430
  • 31451
  • 31482
  • 31495
  • 31588
  • 31687
  • 31823
  • 31882
  • 31900
  • 33178
  • 33714
  • 33786
slackware
  • SSA:2008-191
  • SSA:2008-205-01
sunalert
  • 239392
  • 240048
suse
  • SUSE-SA:2008:033
  • SUSE-SR:2008:017
ubuntu
  • USN-622-1
  • USN-627-1
vupen
  • ADV-2008-2019
  • ADV-2008-2023
  • ADV-2008-2025
  • ADV-2008-2029
  • ADV-2008-2030
  • ADV-2008-2050
  • ADV-2008-2051
  • ADV-2008-2052
  • ADV-2008-2055
  • ADV-2008-2092
  • ADV-2008-2113
  • ADV-2008-2114
  • ADV-2008-2123
  • ADV-2008-2139
  • ADV-2008-2166
  • ADV-2008-2195
  • ADV-2008-2196
  • ADV-2008-2197
  • ADV-2008-2268
  • ADV-2008-2291
  • ADV-2008-2334
  • ADV-2008-2342
  • ADV-2008-2377
  • ADV-2008-2383
  • ADV-2008-2384
  • ADV-2008-2466
  • ADV-2008-2467
  • ADV-2008-2482
  • ADV-2008-2525
  • ADV-2008-2549
  • ADV-2008-2558
  • ADV-2008-2582
  • ADV-2008-2584
  • ADV-2009-0297
  • ADV-2009-0311
  • ADV-2010-0622
xf
  • cisco-multiple-dns-cache-poisoning(43637)
  • win-dns-client-server-spoofing(43334)
statements via4
contributor Mark J Cox
lastmodified 2008-07-09
organization Red Hat
statement http://rhn.redhat.com/errata/RHSA-2008-0533.html
Last major update 19-02-2017 - 00:21
Published 08-07-2008 - 19:41
Last modified 12-10-2018 - 17:45