ID CVE-2008-1447
Summary The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Vulnerable Configurations
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:compute_cluster:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:datacenter:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:enterprise:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:standard:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:storage:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:compute_cluster:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:compute_cluster:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:datacenter:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:datacenter:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:enterprise:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:enterprise:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:standard:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:standard:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:storage:*:itanium:*
  • cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:storage:*:x64:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.9:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 09-10-2019 - 22:55)
CWE CWE-331
CAPEC
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2015-04-20T04:00:16.171-04:00
    class vulnerability
    contributors
    • name K, Balamurugan
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    family unix
    id oval:org.mitre.oval:def:12117
    status accepted
    submitted 2011-02-01T11:17:11.000-05:00
    title HP-UX Running BIND, Remote DNS Cache Poisoning
    version 46
  • accepted 2011-11-14T04:00:45.190-05:00
    class vulnerability
    contributors
    • name Jeff Ito
      organization Secure Elements, Inc.
    • name Chandan S
      organization SecPod Technologies
    definition_extensions
    • comment Microsoft Windows 2000 SP4 or later is installed
      oval oval:org.mitre.oval:def:229
    • comment Microsoft Windows XP (x86) SP2 is installed
      oval oval:org.mitre.oval:def:754
    • comment Microsoft Windows XP (x86) SP3 is installed
      oval oval:org.mitre.oval:def:5631
    • comment Microsoft Windows XP Professional x64 Edition SP1 is installed
      oval oval:org.mitre.oval:def:720
    • comment Microsoft Windows XP x64 Edition SP2 is installed
      oval oval:org.mitre.oval:def:4193
    • comment Microsoft Windows Server 2003 SP1 (x86) is installed
      oval oval:org.mitre.oval:def:565
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 SP1 for Itanium is installed
      oval oval:org.mitre.oval:def:1205
    • comment Microsoft Windows Server 2003 SP2 (x86) is installed
      oval oval:org.mitre.oval:def:1935
    • comment Microsoft Windows Server 2003 SP2 (x64) is installed
      oval oval:org.mitre.oval:def:2161
    • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
      oval oval:org.mitre.oval:def:1442
    family windows
    id oval:org.mitre.oval:def:5725
    status accepted
    submitted 2008-07-08T14:18:00
    title DNS Insufficient Socket Entropy Vulnerability
    version 68
  • accepted 2015-04-20T04:02:27.378-04:00
    class vulnerability
    contributors
    • name Michael Wood
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    family unix
    id oval:org.mitre.oval:def:5761
    status accepted
    submitted 2008-08-06T17:38:46.000-04:00
    title HP-UX Running BIND, Remote DNS Cache Poisoning
    version 43
  • accepted 2009-10-05T04:00:05.186-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    definition_extensions
    • comment Solaris 8 (SPARC) is installed
      oval oval:org.mitre.oval:def:1539
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 8 (x86) is installed
      oval oval:org.mitre.oval:def:2059
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    family unix
    id oval:org.mitre.oval:def:5917
    status accepted
    submitted 2009-08-25T16:38:09.000-04:00
    title Security Vulnerability in the DNS Protocol May Lead to DNS Cache Poisoning
    version 30
  • accepted 2013-04-29T04:20:49.236-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    family unix
    id oval:org.mitre.oval:def:9627
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
    version 25
redhat via4
advisories
  • bugzilla
    id 454852
    title Default caching-nameserver configuration blocks fixes for CVE-2008-1447 (rhel-5)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • OR
        • AND
          • comment bind is earlier than 20:9.2.4-22.el3
            oval oval:com.redhat.rhsa:tst:20080533002
          • comment bind is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044003
        • AND
          • comment bind-chroot is earlier than 20:9.2.4-22.el3
            oval oval:com.redhat.rhsa:tst:20080533010
          • comment bind-chroot is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044009
        • AND
          • comment bind-devel is earlier than 20:9.2.4-22.el3
            oval oval:com.redhat.rhsa:tst:20080533004
          • comment bind-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044005
        • AND
          • comment bind-libs is earlier than 20:9.2.4-22.el3
            oval oval:com.redhat.rhsa:tst:20080533006
          • comment bind-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044007
        • AND
          • comment bind-utils is earlier than 20:9.2.4-22.el3
            oval oval:com.redhat.rhsa:tst:20080533008
          • comment bind-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044011
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment bind is earlier than 20:9.2.4-28.0.1.el4
            oval oval:com.redhat.rhsa:tst:20080533013
          • comment bind is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044003
        • AND
          • comment bind-chroot is earlier than 20:9.2.4-28.0.1.el4
            oval oval:com.redhat.rhsa:tst:20080533014
          • comment bind-chroot is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044009
        • AND
          • comment bind-devel is earlier than 20:9.2.4-28.0.1.el4
            oval oval:com.redhat.rhsa:tst:20080533015
          • comment bind-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044005
        • AND
          • comment bind-libs is earlier than 20:9.2.4-28.0.1.el4
            oval oval:com.redhat.rhsa:tst:20080533017
          • comment bind-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044007
        • AND
          • comment bind-utils is earlier than 20:9.2.4-28.0.1.el4
            oval oval:com.redhat.rhsa:tst:20080533016
          • comment bind-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044011
        • AND
          • comment selinux-policy-targeted is earlier than 0:1.17.30-2.150.el4
            oval oval:com.redhat.rhsa:tst:20080533018
          • comment selinux-policy-targeted is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20080533019
        • AND
          • comment selinux-policy-targeted-sources is earlier than 0:1.17.30-2.150.el4
            oval oval:com.redhat.rhsa:tst:20080533020
          • comment selinux-policy-targeted-sources is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20080533021
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment selinux-policy is earlier than 0:2.4.6-137.1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533023
          • comment selinux-policy is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080533024
        • AND
          • comment selinux-policy-devel is earlier than 0:2.4.6-137.1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533025
          • comment selinux-policy-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080533026
        • AND
          • comment selinux-policy-mls is earlier than 0:2.4.6-137.1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533029
          • comment selinux-policy-mls is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080533030
        • AND
          • comment selinux-policy-strict is earlier than 0:2.4.6-137.1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533031
          • comment selinux-policy-strict is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080533032
        • AND
          • comment selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533027
          • comment selinux-policy-targeted is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20080533028
        • AND
          • comment bind is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533033
          • comment bind is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057003
        • AND
          • comment bind-chroot is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533039
          • comment bind-chroot is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057005
        • AND
          • comment bind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533041
          • comment bind-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057007
        • AND
          • comment bind-libbind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533047
          • comment bind-libbind-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057015
        • AND
          • comment bind-libs is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533037
          • comment bind-libs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057017
        • AND
          • comment bind-sdb is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533045
          • comment bind-sdb is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057009
        • AND
          • comment bind-utils is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533043
          • comment bind-utils is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057011
        • AND
          • comment caching-nameserver is earlier than 30:9.3.4-6.0.2.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20080533035
          • comment caching-nameserver is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057013
    rhsa
    id RHSA-2008:0533
    released 2008-07-08
    severity Important
    title RHSA-2008:0533: bind security update (Important)
  • bugzilla
    id 449345
    title CVE-2008-1447 bind: implement source UDP port randomization (CERT VU#800113)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • comment dnsmasq is earlier than 0:2.45-1.el5_2.1
      oval oval:com.redhat.rhsa:tst:20080789002
    • comment dnsmasq is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20080789003
    rhsa
    id RHSA-2008:0789
    released 2008-08-11
    severity Moderate
    title RHSA-2008:0789: dnsmasq security update (Moderate)
rpms
  • bind-20:9.2.4-22.el3
  • bind-chroot-20:9.2.4-22.el3
  • bind-devel-20:9.2.4-22.el3
  • bind-libs-20:9.2.4-22.el3
  • bind-utils-20:9.2.4-22.el3
  • bind-20:9.2.4-28.0.1.el4
  • bind-chroot-20:9.2.4-28.0.1.el4
  • bind-devel-20:9.2.4-28.0.1.el4
  • bind-libs-20:9.2.4-28.0.1.el4
  • bind-utils-20:9.2.4-28.0.1.el4
  • selinux-policy-targeted-0:1.17.30-2.150.el4
  • selinux-policy-targeted-sources-0:1.17.30-2.150.el4
  • selinux-policy-0:2.4.6-137.1.el5_2
  • selinux-policy-devel-0:2.4.6-137.1.el5_2
  • selinux-policy-mls-0:2.4.6-137.1.el5_2
  • selinux-policy-strict-0:2.4.6-137.1.el5_2
  • selinux-policy-targeted-0:2.4.6-137.1.el5_2
  • bind-30:9.3.4-6.0.2.P1.el5_2
  • bind-chroot-30:9.3.4-6.0.2.P1.el5_2
  • bind-devel-30:9.3.4-6.0.2.P1.el5_2
  • bind-libbind-devel-30:9.3.4-6.0.2.P1.el5_2
  • bind-libs-30:9.3.4-6.0.2.P1.el5_2
  • bind-sdb-30:9.3.4-6.0.2.P1.el5_2
  • bind-utils-30:9.3.4-6.0.2.P1.el5_2
  • caching-nameserver-30:9.3.4-6.0.2.P1.el5_2
  • dnsmasq-0:2.45-1.el5_2.1
refmap via4
aixapar
  • IZ26667
  • IZ26668
  • IZ26669
  • IZ26670
  • IZ26671
  • IZ26672
apple
  • APPLE-SA-2008-07-31
  • APPLE-SA-2008-09-09
  • APPLE-SA-2008-09-12
  • APPLE-SA-2008-09-15
bid 30131
bugtraq
  • 20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability
  • 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
cert
  • TA08-190A
  • TA08-190B
  • TA08-260A
cert-vn VU#800113
cisco 20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
debian
  • DSA-1603
  • DSA-1604
  • DSA-1605
  • DSA-1619
  • DSA-1623
exploit-db
  • 6122
  • 6123
  • 6130
fedora
  • FEDORA-2008-6256
  • FEDORA-2008-6281
freebsd FreeBSD-SA-08:06
fulldisc 20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
gentoo
  • GLSA-200807-08
  • GLSA-200812-17
  • GLSA-201209-25
hp
  • HPSBMP02404
  • HPSBNS02405
  • HPSBOV02357
  • HPSBOV03226
  • HPSBTU02358
  • HPSBUX02351
  • SSRT071449
  • SSRT080058
  • SSRT090014
  • SSRT101004
mandriva MDVSA-2008:139
ms MS08-037
netbsd NetBSD-SA2008-009
openbsd
  • [4.2] 013: SECURITY FIX: July 23, 2008
  • [4.3] 004: SECURITY FIX: July 23, 2008
sectrack
  • 1020437
  • 1020438
  • 1020440
  • 1020448
  • 1020449
  • 1020548
  • 1020558
  • 1020560
  • 1020561
  • 1020575
  • 1020576
  • 1020577
  • 1020578
  • 1020579
  • 1020651
  • 1020653
  • 1020702
  • 1020802
  • 1020804
secunia
  • 30925
  • 30973
  • 30977
  • 30979
  • 30980
  • 30988
  • 30989
  • 30998
  • 31011
  • 31012
  • 31014
  • 31019
  • 31022
  • 31030
  • 31031
  • 31033
  • 31052
  • 31065
  • 31072
  • 31093
  • 31094
  • 31137
  • 31143
  • 31151
  • 31152
  • 31153
  • 31169
  • 31197
  • 31199
  • 31204
  • 31207
  • 31209
  • 31212
  • 31213
  • 31221
  • 31236
  • 31237
  • 31254
  • 31326
  • 31354
  • 31422
  • 31430
  • 31451
  • 31482
  • 31495
  • 31588
  • 31687
  • 31823
  • 31882
  • 31900
  • 33178
  • 33714
  • 33786
slackware
  • SSA:2008-191
  • SSA:2008-205-01
sunalert
  • 239392
  • 240048
suse
  • SUSE-SA:2008:033
  • SUSE-SR:2008:017
ubuntu
  • USN-622-1
  • USN-627-1
vupen
  • ADV-2008-2019
  • ADV-2008-2023
  • ADV-2008-2025
  • ADV-2008-2029
  • ADV-2008-2030
  • ADV-2008-2050
  • ADV-2008-2051
  • ADV-2008-2052
  • ADV-2008-2055
  • ADV-2008-2092
  • ADV-2008-2113
  • ADV-2008-2114
  • ADV-2008-2123
  • ADV-2008-2139
  • ADV-2008-2166
  • ADV-2008-2195
  • ADV-2008-2196
  • ADV-2008-2197
  • ADV-2008-2268
  • ADV-2008-2291
  • ADV-2008-2334
  • ADV-2008-2342
  • ADV-2008-2377
  • ADV-2008-2383
  • ADV-2008-2384
  • ADV-2008-2466
  • ADV-2008-2467
  • ADV-2008-2482
  • ADV-2008-2525
  • ADV-2008-2549
  • ADV-2008-2558
  • ADV-2008-2582
  • ADV-2008-2584
  • ADV-2009-0297
  • ADV-2009-0311
  • ADV-2010-0622
xf
  • cisco-multiple-dns-cache-poisoning(43637)
  • win-dns-client-server-spoofing(43334)
statements via4
contributor Mark J Cox
lastmodified 2008-07-09
organization Red Hat
statement http://rhn.redhat.com/errata/RHSA-2008-0533.html
Last major update 09-10-2019 - 22:55
Published 08-07-2008 - 23:41
Last modified 24-03-2020 - 18:19