CVE-2008-1447
Published Jul 8, 2008
Last updated 5 years ago
Overview
- Description
- The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
- Source
- secure@microsoft.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.8
- Impact score
- 4
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-331
Vendor comments
- Red Hathttp://rhn.redhat.com/errata/RHSA-2008-0533.html
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701"
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8F86F790-6247-42F2-9487-3D60A2842F52"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:x64:*",
"vulnerable": false,
"matchCriteriaId": "E3C43D05-40F8-4769-BA6B-A376420EA972"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:compute_cluster:*:itanium:*",
"vulnerable": false,
"matchCriteriaId": "69117328-A5AD-48A5-A56A-0AA8805A113E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:datacenter:*:itanium:*",
"vulnerable": false,
"matchCriteriaId": "3ECE18F6-9DDD-4354-9012-B0660E184E83"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:enterprise:*:itanium:*",
"vulnerable": false,
"matchCriteriaId": "4A2B4F1C-737D-40DA-B12E-6C664F9A7ECA"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:standard:*:itanium:*",
"vulnerable": false,
"matchCriteriaId": "DBBCB4B2-8007-4AD5-946E-396330E7DC31"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:storage:*:itanium:*",
"vulnerable": false,
"matchCriteriaId": "68758D17-44AF-4472-928C-3B94A7EAD671"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:compute_cluster:*:itanium:*",
"vulnerable": false,
"matchCriteriaId": "76EDD7D7-4567-4007-86A3-95E907616C6A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:compute_cluster:*:x64:*",
"vulnerable": false,
"matchCriteriaId": "7A933555-D875-47B9-BFA7-E030B04C1197"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:datacenter:*:itanium:*",
"vulnerable": false,
"matchCriteriaId": "4BAA5F63-9A88-4B38-B284-B6E6170F12A8"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:datacenter:*:x64:*",
"vulnerable": false,
"matchCriteriaId": "9F168D81-2D2B-4B75-B907-A8AE2A3523C5"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:enterprise:*:itanium:*",
"vulnerable": false,
"matchCriteriaId": "1778D813-845D-4B79-B9AF-5D4E0B461C75"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:enterprise:*:x64:*",
"vulnerable": false,
"matchCriteriaId": "A2E917A1-AFE1-4AA3-AB80-A69F152BAB51"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:standard:*:itanium:*",
"vulnerable": false,
"matchCriteriaId": "C8203007-1723-431B-ADDE-C5FE76A88619"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:standard:*:x64:*",
"vulnerable": false,
"matchCriteriaId": "423102CB-1FA1-46BB-8345-412F35DB25B7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:storage:*:itanium:*",
"vulnerable": false,
"matchCriteriaId": "98E956AB-6A8E-4C5D-89D5-52BC374B1D7C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:storage:*:x64:*",
"vulnerable": false,
"matchCriteriaId": "676A5A3B-EFE5-4B84-8F8E-CF952003F48F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*",
"vulnerable": false,
"matchCriteriaId": "4902A7BD-0645-4CAC-8EA8-24BD2D8B893A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "492EA1BE-E678-4300-A690-3BFCD4B233B2"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4E3C9031-F69A-4B6A-A8CB-39027174AA01"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D6B5646C-FF04-4D3D-B39E-27C1056962EA"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:client:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7361D8F0-FE84-41D0-9C62-F180339DD40A"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5454336D-724E-4027-A642-1EFCB79C1ADC"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E3C0D00-DF20-4B46-8A7D-99D963BD921E"
},
{
"criteria": "cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7904F3D9-A6B0-4ED6-8BAD-2D26C118C0F2"
},
{
"criteria": "cpe:2.3:a:isc:bind:9.2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90E4653A-C63A-4568-BFF2-ECAB7AB5A55C"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]