CVE-2008-1447 | AttackerKB

Description

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka “DNS Insufficient Socket Entropy Vulnerability” or “the Kaminsky bug.”

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.8 Medium

Impact Score:

4

Exploitability Score:

2.2

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Changed

Confidentiality (C):

None

Integrity (I):

High

Availability (A):

None

Vendors

isc

Products

Metasploit Modules

DNS BailiWicked Host Attack (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/spoof/dns/bailiwicked_host.rb)

DNS BailiWicked Domain Attack (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/spoof/dns/bailiwicked_domain.rb)

References

Canonical

CVE-2008-1447 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447)

BID-30131 (http://www.securityfocus.com/bid/30131)

Advisory

SECTRACK-1020438 (http://www.securitytracker.com/id?1020438)

FEDORA-2008-6256 (https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html)

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

VU#800113 (http://www.kb.cert.org/vuls/id/800113)

SECUNIA-31137 (http://secunia.com/advisories/31137)

SECUNIA-31430 (http://secunia.com/advisories/31430)

http://www.kb.cert.org/vuls/id/MIMG-7DWR4J

SECUNIA-31169 (http://secunia.com/advisories/31169)

http://www.phys.uu.nl/~rombouts/pdnsd.html

SECTRACK-1020702 (http://www.securitytracker.com/id?1020702)

GLSA-201209-25 (http://security.gentoo.org/glsa/glsa-201209-25.xml)

ADV-2008-2052 (http://www.vupen.com/english/advisories/2008/2052/references)

SECTRACK-1020561 (http://www.securitytracker.com/id?1020561)

http://www.vmware.com/security/advisories/VMSA-2008-0014.html

HPSBOV03226 (http://marc.info?l=bugtraq&m=141879471518471&w=2)

SECTRACK-1020578 (http://www.securitytracker.com/id?1020578)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627

SECTRACK-1020802 (http://www.securitytracker.com/id?1020802)

HPSBMP02404 (http://marc.info?l=bugtraq&m=123324863916385&w=2)

SECUNIA-31236 (http://secunia.com/advisories/31236)

APPLE-SA-2008-09-15 (http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html)

SECTRACK-1020651 (http://www.securitytracker.com/id?1020651)

SECTRACK-1020437 (http://www.securitytracker.com/id?1020437)

SECUNIA-31209 (http://secunia.com/advisories/31209)

SECUNIA-31012 (http://secunia.com/advisories/31012)

SECUNIA-31151 (http://secunia.com/advisories/31151)

ADV-2008-2050 (http://www.vupen.com/english/advisories/2008/2050/references)

http://support.citrix.com/article/CTX117991

SECUNIA-31237 (http://secunia.com/advisories/31237)

http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog

APPLE-SA-2008-07-31 (http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html)

XF-win-dns-client-server-spoofing(43334) (https://exchange.xforce.ibmcloud.com/vulnerabilities/43334)

SECUNIA-31495 (http://secunia.com/advisories/31495)

EXPLOIT-DB-6130 (https://www.exploit-db.com/exploits/6130)

20080708 Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks (http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml)

SECTRACK-1020579 (http://www.securitytracker.com/id?1020579)

SECTRACK-1020653 (http://www.securitytracker.com/id?1020653)

SECUNIA-30998 (http://secunia.com/advisories/30998)

DSA-1603 (http://www.debian.org/security/2008/dsa-1603)

ADV-2008-2525 (http://www.vupen.com/english/advisories/2008/2525)

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html

SECUNIA-31094 (http://secunia.com/advisories/31094)

IZ26668 (http://www.ibm.com/support/docview.wss?uid=isg1IZ26668)

SECUNIA-31687 (http://secunia.com/advisories/31687)

ADV-2008-2025 (http://www.vupen.com/english/advisories/2008/2025/references)

SUNALERT-239392 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1)

TA08-260A (http://www.us-cert.gov/cas/techalerts/TA08-260A.html)

SECUNIA-31588 (http://secunia.com/advisories/31588)

SECUNIA-31019 (http://secunia.com/advisories/31019)

ADV-2008-2029 (http://www.vupen.com/english/advisories/2008/2029/references)

SSRT080058 (http://marc.info?l=bugtraq&m=121630706004256&w=2)

EXPLOIT-DB-6123 (https://www.exploit-db.com/exploits/6123)

IZ26671 (http://www.ibm.com/support/docview.wss?uid=isg1IZ26671)

FEDORA-2008-6281 (https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html)

ADV-2008-2268 (http://www.vupen.com/english/advisories/2008/2268)

ADV-2009-0297 (http://www.vupen.com/english/advisories/2009/0297)

SECUNIA-31207 (http://secunia.com/advisories/31207)

SECUNIA-31031 (http://secunia.com/advisories/31031)

ADV-2008-2584 (http://www.vupen.com/english/advisories/2008/2584)

SECUNIA-31451 (http://secunia.com/advisories/31451)

ADV-2008-2051 (http://www.vupen.com/english/advisories/2008/2051/references)

SECUNIA-30977 (http://secunia.com/advisories/30977)

http://www.redhat.com/support/errata/RHSA-2008-0789.html

ADV-2008-2377 (http://www.vupen.com/english/advisories/2008/2377)

HPSBNS02405 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368)

SECTRACK-1020558 (http://www.securitytracker.com/id?1020558)

SECUNIA-31221 (http://secunia.com/advisories/31221)

http://rhn.redhat.com/errata/RHSA-2008-0533.html

SECTRACK-1020804 (http://www.securitytracker.com/id?1020804)

SECUNIA-31143 (http://secunia.com/advisories/31143)

20080808 New paper: An Illustrated Guide to the Kaminsky DNS Vulnerability (http://www.securityfocus.com/archive/1/495289/100/0/threaded)

ADV-2008-2195 (http://www.vupen.com/english/advisories/2008/2195/references)

ADV-2008-2196 (http://www.vupen.com/english/advisories/2008/2196/references)

SECUNIA-33714 (http://secunia.com/advisories/33714)

HPSBTU02358 (http://marc.info?l=bugtraq&m=121866517322103&w=2)

SECUNIA-33786 (http://secunia.com/advisories/33786)

SECTRACK-1020448 (http://www.securitytracker.com/id?1020448)

SECUNIA-31882 (http://secunia.com/advisories/31882)

ADV-2008-2384 (http://www.vupen.com/english/advisories/2008/2384)

IZ26669 (http://www.ibm.com/support/docview.wss?uid=isg1IZ26669)

http://up2date.astaro.com/2008/08/up2date_7202_released.html

ADV-2008-2123 (http://www.vupen.com/english/advisories/2008/2123/references)

http://support.apple.com/kb/HT3026

SECUNIA-31014 (http://secunia.com/advisories/31014)

SECUNIA-30979 (http://secunia.com/advisories/30979)

SECTRACK-1020575 (http://www.securitytracker.com/id?1020575)

http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby

ADV-2008-2482 (http://www.vupen.com/english/advisories/2008/2482)

IZ26672 (http://www.ibm.com/support/docview.wss?uid=isg1IZ26672)

http://support.apple.com/kb/HT3129

DSA-1619 (http://www.debian.org/security/2008/dsa-1619)

ADV-2008-2166 (http://www.vupen.com/english/advisories/2008/2166/references)

SECUNIA-31072 (http://secunia.com/advisories/31072)

ADV-2008-2139 (http://www.vupen.com/english/advisories/2008/2139/references)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761

ADV-2008-2092 (http://www.vupen.com/english/advisories/2008/2092/references)

SECUNIA-31482 (http://secunia.com/advisories/31482)

IZ26670 (http://www.ibm.com/support/docview.wss?uid=isg1IZ26670)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:139

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917

SECUNIA-30989 (http://secunia.com/advisories/30989)

ADV-2008-2055 (http://www.vupen.com/english/advisories/2008/2055/references)

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152

http://www.ipcop.org/index.php?name=News&file=article&sid=40

SECUNIA-31065 (http://secunia.com/advisories/31065)

SECUNIA-31254 (http://secunia.com/advisories/31254)

20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. (http://www.securityfocus.com/archive/1/495869/100/0/threaded)

USN-627-1 (http://www.ubuntu.com/usn/usn-627-1)

ADV-2010-0622 (http://www.vupen.com/english/advisories/2010/0622)

SECTRACK-1020576 (http://www.securitytracker.com/id?1020576)

http://www.isc.org/index.pl?/sw/bind/bind-security.php

HPSBOV02357 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520)

SECUNIA-31153 (http://secunia.com/advisories/31153)

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231

ADV-2008-2549 (http://www.vupen.com/english/advisories/2008/2549)

IZ26667 (http://www.ibm.com/support/docview.wss?uid=isg1IZ26667)

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html

SECUNIA-31213 (http://secunia.com/advisories/31213)

SECUNIA-31030 (http://secunia.com/advisories/31030)

USN-622-1 (http://www.ubuntu.com/usn/usn-622-1)

SECUNIA-31033 (http://secunia.com/advisories/31033)

SECTRACK-1020440 (http://www.securitytracker.com/id?1020440)

APPLE-SA-2008-09-12 (http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html)

20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues. (http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html)

DSA-1604 (http://www.debian.org/security/2008/dsa-1604)

SECUNIA-31823 (http://secunia.com/advisories/31823)

SECUNIA-31326 (http://secunia.com/advisories/31326)

ADV-2008-2558 (http://www.vupen.com/english/advisories/2008/2558)

EXPLOIT-DB-6122 (https://www.exploit-db.com/exploits/6122)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725

XF-cisco-multiple-dns-cache-poisoning(43637) (https://exchange.xforce.ibmcloud.com/vulnerabilities/43637)

ADV-2008-2383 (http://www.vupen.com/english/advisories/2008/2383)

SECTRACK-1020560 (http://www.securitytracker.com/id?1020560)

SECUNIA-31900 (http://secunia.com/advisories/31900)

http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q

http://support.citrix.com/article/CTX118183

SECUNIA-30925 (http://secunia.com/advisories/30925)

ADV-2009-0311 (http://www.vupen.com/english/advisories/2009/0311)

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018

DSA-1623 (http://www.debian.org/security/2008/dsa-1623)

ADV-2008-2582 (http://www.vupen.com/english/advisories/2008/2582)

DSA-1605 (http://www.debian.org/security/2008/dsa-1605)

http://www.novell.com/support/viewContent.do?externalId=7000912

http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning

ADV-2008-2342 (http://www.vupen.com/english/advisories/2008/2342)

ADV-2008-2114 (http://www.vupen.com/english/advisories/2008/2114/references)

SECUNIA-30973 (http://secunia.com/advisories/30973)

SECUNIA-31204 (http://secunia.com/advisories/31204)

SECUNIA-31354 (http://secunia.com/advisories/31354)

GLSA-200812-17 (http://security.gentoo.org/glsa/glsa-200812-17.xml)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117

SECUNIA-33178 (http://secunia.com/advisories/33178)

SECUNIA-30988 (http://secunia.com/advisories/30988)

APPLE-SA-2008-09-09 (http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html)

SECUNIA-31011 (http://secunia.com/advisories/31011)

ADV-2008-2334 (http://www.vupen.com/english/advisories/2008/2334)

SECTRACK-1020577 (http://www.securitytracker.com/id?1020577)

SECUNIA-31422 (http://secunia.com/advisories/31422)

SECUNIA-31197 (http://secunia.com/advisories/31197)

SECTRACK-1020548 (http://www.securitytracker.com/id?1020548)

ADV-2008-2467 (http://www.vupen.com/english/advisories/2008/2467)

SUNALERT-240048 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1)

TA08-190B (http://www.us-cert.gov/cas/techalerts/TA08-190B.html)

TA08-190A (http://www.us-cert.gov/cas/techalerts/TA08-190A.html)

GLSA-200807-08 (http://security.gentoo.org/glsa/glsa-200807-08.xml)

SECUNIA-31022 (http://secunia.com/advisories/31022)

SECTRACK-1020449 (http://www.securitytracker.com/id?1020449)

SECUNIA-31093 (http://secunia.com/advisories/31093)

SECUNIA-31052 (http://secunia.com/advisories/31052)

SECUNIA-30980 (http://secunia.com/advisories/30980)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401

SECUNIA-31199 (http://secunia.com/advisories/31199)

ADV-2008-2030 (http://www.vupen.com/english/advisories/2008/2030/references)

ADV-2008-2291 (http://www.vupen.com/english/advisories/2008/2291)

ADV-2008-2023 (http://www.vupen.com/english/advisories/2008/2023/references)

ADV-2008-2466 (http://www.vupen.com/english/advisories/2008/2466)

MS08-037 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037)

SECUNIA-31212 (http://secunia.com/advisories/31212)

ADV-2008-2113 (http://www.vupen.com/english/advisories/2008/2113/references)

SECUNIA-31152 (http://secunia.com/advisories/31152)

ADV-2008-2019 (http://www.vupen.com/english/advisories/2008/2019/references)

ADV-2008-2197 (http://www.vupen.com/english/advisories/2008/2197/references)

Miscellaneous

http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc

[4.2] 013: SECURITY FIX: July 23, 2008 (http://www.openbsd.org/errata42.html#013_bind)

http://www.nominum.com/asset_upload_file741_2661.pdf

[4.3] 004: SECURITY FIX: July 23, 2008 (http://www.openbsd.org/errata43.html#004_bind)

http://www.doxpara.com?p=1176

http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html

http://www.doxpara.com/DMK_BO2K8.ppt

http://www.caughq.org/exploits/CAU-EX-2008-0003.txt

http://www.caughq.org/exploits/CAU-EX-2008-0002.txt

http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680

Rapid7

Technical Analysis