CVE-2008-1447 - Insufficient Entropy vulnerability in ISC Bind 4/8/9.2.9
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |

Summary
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 4 |
OS | | 1 |
OS | | 1 |
OS | | 20 |
OS | | 6 |
Application | | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
Exploit-Db
Title: BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta)
ID: EDB-ID:6122
Description: BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta). CVE-2008-1447, CVE-2008-4194. Remote exploits for multiple platform.
File: exploits/multiple/remote/6122.rb
Type: remote; platform: multiple
Reporter: I)ruid
Published: 2008-07-23; modified: 2008-07-23; last seen: 2016-02-01
Source: https://www.exploit-db.com/download/6122/

Title: BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (py)
ID: EDB-ID:6123
Description: BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py). CVE-2008-1447, CVE-2008-4194. Remote exploits for multiple platform.
File: exploits/multiple/remote/6123.py
Type: remote; platform: multiple
Reporter: Julien Desfossez
Published: 2008-07-24; modified: 2008-07-24; last seen: 2016-02-01
Source: https://www.exploit-db.com/download/6123/

Title: BIND 9.x - Remote DNS Cache Poisoning Flaw Exploit (c)
ID: EDB-ID:6130
Description: BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c). CVE-2008-1447, CVE-2008-4194. Remote exploits for multiple platform.
File: exploits/multiple/remote/6130.c
Type: remote; platform: multiple
Reporter: Marc Bevand
Published: 2008-07-25; modified: 2008-07-25; last seen: 2016-01-31
Source: https://www.exploit-db.com/download/6130/
Metasploit
Title: DNS BailiWicked Domain Attack
ID: MSF:AUXILIARY/SPOOF/DNS/BAILIWICKED_DOMAIN
Description: This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit replaces the target domain's nameserver entries in a vulnerable DNS cache server. This attack works by sending random hostname queries to the target DNS server coupled with spoofed replies to those queries from the authoritative nameservers for that domain. Eventually, a guessed ID will match, the spoofed packet will get accepted, and the nameserver entries for the target domain will be replaced by the server specified in the NEWDNS option of this exploit.
Reporter: Rapid7
Published: 2008-10-27; modified: 2017-07-24; last seen: 2020-03-15
Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/spoof/dns/bailiwicked_domain.rb

Title: DNS BailiWicked Host Attack
ID: MSF:AUXILIARY/SPOOF/DNS/BAILIWICKED_HOST
Description: This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit caches a single malicious host entry into the target nameserver by sending random hostname queries to the target DNS server coupled with spoofed replies to those queries from the authoritative nameservers for that domain. Eventually, a guessed ID will match, the spoofed packet will get accepted, and due to the additional hostname entry being within bailiwick constraints of the original request the malicious host entry will get cached.
Reporter: Rapid7
Published: 2008-12-19; modified: 2017-07-24; last seen: 2019-11-06
Source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/spoof/dns/bailiwicked_host.rb
Nessus
Title: GLSA-200812-17 : Ruby: Multiple vulnerabilities
NASL id: GENTOO_GLSA-200812-17.NASL (family: Gentoo Local Security Checks)
Plugin id: 35188; published 2008-12-17; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/35188
Description: The remote host is affected by the vulnerability described in GLSA-200812-17 (Ruby: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in the Ruby interpreter and its standard libraries. Drew Yao of Apple Product Security discovered the following flaws: Arbitrary code execution or Denial of Service (memory corruption) in the rb_str_buf_append() function (CVE-2008-2662). Arbitrary code execution or Denial of Service (memory corruption) in the rb_ary_stor() function (CVE-2008-2663). Memory corruption via alloca in the rb_str_format() function (CVE-2008-2664). Memory corruption (

Title: Fedora 9 : dnsmasq-2.45-1.fc9 (2009-1069)
NASL id: FEDORA_2009-1069.NASL (family: Fedora Local Security Checks)
Plugin id: 35693; published 2009-02-17; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/35693
Description: Update to newer upstream version - 2.45. Version of dnsmasq previously shipped in Fedora 9 did not properly drop privileges, causing it to run as root instead of intended user nobody. Issue was caused by a bug in kernel-headers used in build environment of the original packages. (#454415) New upstream version also adds DNS query source port randomization, mitigating DNS spoofing attacks. (CVE-2008-1447) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Title: Fedora 9 : bind-9.5.0-33.P1.fc9 (2008-6256)
NASL id: FEDORA_2008-6256.NASL (family: Fedora Local Security Checks)
Plugin id: 33468; published 2008-07-10; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/33468
Description: 9.5.0-P1 release which contains fix for CVE-2008-1447. This update also fixes typo in bind-sdb summary and fixes parsing of inner ACLs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Title: Debian DSA-1619-1 : python-dns - DNS response spoofing
NASL id: DEBIAN_DSA-1619.NASL (family: Debian Local Security Checks)
Plugin id: 33739; published 2008-07-28; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33739
Description: Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery. The Common Vulnerabilities and Exposures project identifies this class of weakness as CVE-2008-1447 and this specific instance in PyDNS as CVE-2008-4099.

Title: Mandriva Linux Security Advisory : bind (MDVSA-2008:139)
NASL id: MANDRIVA_MDVSA-2008-139.NASL (family: Mandriva Local Security Checks)
Plugin id: 36526; published 2009-04-23; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/36526
Description: A weakness was found in the DNS protocol by Dan Kaminsky. A remote attacker could exploit this weakness to spoof DNS entries and poison DNS caches. This could be used to misdirect users and services; i.e. for web and email traffic (CVE-2008-1447). This update provides the latest stable BIND releases for all platforms except Corporate Server/Desktop 3.0 and MNF2, which have been patched to correct the issue.

Title: Multiple Vendor DNS Query ID Field Prediction Cache Poisoning
NASL id: DNS_NON_RANDOM_SOURCE_PORTS.NASL (family: DNS)
Plugin id: 33447; published 2008-07-09; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33447
Description: The remote DNS resolver does not use random ports when making queries to third-party DNS servers. An unauthenticated, remote attacker can exploit this to poison the remote DNS server, allowing the attacker to divert legitimate traffic to arbitrary sites.

Title: Fedora 9 : ruby-1.8.6.287-2.fc9 (2008-8738)
NASL id: FEDORA_2008-8738.NASL (family: Fedora Local Security Checks)
Plugin id: 34380; published 2008-10-10; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/34380
Description: Update to new upstream release fixing multiple security issues detailed in the upstream advisories: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ - CVE-2008-3655 - multiple insufficient safe mode restrictions - CVE-2008-3656 - WEBrick DoS vulnerability (CPU consumption) - CVE-2008-3657 - missing

Title: openSUSE 10 Security Update : dnsmasq (dnsmasq-5512)
NASL id: SUSE_DNSMASQ-5512.NASL (family: SuSE Local Security Checks)
Plugin id: 33895; published 2008-08-15; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/33895
Description: This update of dnsmasq uses random UDP source ports and a random TRXID now. (CVE-2008-1447)

Title: Mac OS X Multiple Vulnerabilities (Security Update 2008-005)
NASL id: MACOSX_SECUPD2008-005.NASL (family: MacOS X Local Security Checks)
Plugin id: 33790; published 2008-08-01; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/33790
Description: The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-005 applied. This update contains security fixes for a number of programs.

Title: HP-UX PHNE_36973 : HP-UX Running BIND, Remote DNS Cache Poisoning (HPSBUX02251 SSRT071449 rev.3)
NASL id: HPUX_PHNE_36973.NASL (family: HP-UX Local Security Checks)
Plugin id: 26139; published 2007-09-25; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/26139
Description: s700_800 11.23 Bind 9.2.0 components : A potential vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning.

Title: Slackware 11.0 / 12.0 / 12.1 : ruby (SSA:2008-334-01)
NASL id: SLACKWARE_SSA_2008-334-01.NASL (family: Slackware Local Security Checks)
Plugin id: 34972; published 2008-12-01; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/34972
Description: New ruby packages are available for Slackware 11.0, 12.0, and 12.1 to fix bugs and a security issue.

Title: openSUSE Security Update : bind (bind-82)
NASL id: SUSE_11_0_BIND-080708.NASL (family: SuSE Local Security Checks)
Plugin id: 39920; published 2009-07-21; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/39920
Description: The transaction id and the UDP source port used for DNS queries by the bind nameserver were predictable. Attackers could potentially exploit that weakness to manipulate the DNS cache (

Title: GLSA-200807-08 : BIND: Cache poisoning
NASL id: GENTOO_GLSA-200807-08.NASL (family: Gentoo Local Security Checks)
Plugin id: 33494; published 2008-07-15; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/33494
Description: The remote host is affected by the vulnerability described in GLSA-200807-08 (BIND: Cache poisoning). Dan Kaminsky of IOActive has reported a weakness in the DNS protocol related to insufficient randomness of DNS transaction IDs and query source ports. Impact : An attacker could exploit this weakness to poison the cache of a recursive resolver and thus spoof DNS traffic, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Workaround : There is no known workaround at this time.

Title: Debian DSA-1623-1 : dnsmasq - DNS cache poisoning
NASL id: DEBIAN_DSA-1623.NASL (family: Debian Local Security Checks)
Plugin id: 33772; published 2008-08-01; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33772
Description: Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian

Title: Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : bind9 vulnerability (USN-622-1)
NASL id: UBUNTU_USN-622-1.NASL (family: Ubuntu Local Security Checks)
Plugin id: 33464; published 2008-07-10; modified 2020-06-02; last seen 2020-06-01
Reporter: Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33464
Description: Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Title: OracleVM 2.1 : dnsmasq (OVMSA-2009-0022)
NASL id: ORACLEVM_OVMSA-2009-0022.NASL (family: OracleVM Local Security Checks)
Plugin id: 79464; published 2014-11-26; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/79464
Description: The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-2957 Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. CVE-2009-2958 The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. - problems with strings when enabling tftp (CVE-2009-2957, CVE-2009-2957) - Resolves: rhbg#519021 - update to new upstream version - fixes for CVE-2008-1447/CERT VU#800113 - Resolves: rhbz#454869

Title: Fedora 8 : bind-9.5.0-28.P1.fc8 (2008-6281)
NASL id: FEDORA_2008-6281.NASL (family: Fedora Local Security Checks)
Plugin id: 33470; published 2008-07-10; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/33470
Description: 9.5.0-P1 release which contains fix for CVE-2008-1447. This update also fixes parsing of inner ACLs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Title: RHEL 5 : dnsmasq (RHSA-2008:0789)
NASL id: REDHAT-RHSA-2008-0789.NASL (family: Red Hat Local Security Checks)
Plugin id: 33865; published 2008-08-12; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33865
Description: An updated dnsmasq package that implements UDP source-port randomization is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Dnsmasq is a lightweight DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. The dnsmasq DNS resolver used a fixed source UDP port. This could have made DNS spoofing attacks easier. dnsmasq has been updated to use random UDP source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447) All dnsmasq users are advised to upgrade to this updated package, which upgrades dnsmasq to version 2.45 and resolves this issue.

Title: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
NASL id: CISCO-SA-20080708-DNSHTTP.NASL (family: CISCO)
Plugin id: 49017; published 2010-09-01; modified 2010-09-01; last seen 2020-03-17
Reporter: This script is (C) 2010-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/49017
Description: Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected. Cisco has released free software updates that address these vulnerabilities.

Title: Solaris 8 (x86) : 109327-24
NASL id: SOLARIS8_X86_109327.NASL (family: Solaris Local Security Checks)
Plugin id: 13429; published 2004-07-12; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/13429
Description: SunOS 5.8_x86: libresolv.so.2, in.named an. Date this patch was last updated by Sun : Mar/09/09

Title: Solaris 9 (x86) : 114265-23
NASL id: SOLARIS9_X86_114265.NASL (family: Solaris Local Security Checks)
Plugin id: 27094; published 2007-10-17; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/27094
Description: SunOS 5.9_x86: in.dhcpd libresolv and BIND. Date this patch was last updated by Sun : Jul/21/11

Title: Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ruby1.8 vulnerabilities (USN-651-1)
NASL id: UBUNTU_USN-651-1.NASL (family: Ubuntu Local Security Checks)
Plugin id: 37068; published 2009-04-23; modified 2020-06-02; last seen 2020-06-01
Reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/37068
Description: Akira Tagoh discovered a vulnerability in Ruby which led to an integer overflow. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2376) Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443) Keita Yamaguchi discovered several safe level vulnerabilities in Ruby. An attacker could use this to bypass intended access restrictions. (CVE-2008-3655) Keita Yamaguchi discovered that WEBrick in Ruby did not properly validate paths ending with

Title: openSUSE 10 Security Update : bind (bind-5410)
NASL id: SUSE_BIND-5410.NASL (family: SuSE Local Security Checks)
Plugin id: 33501; published 2008-07-15; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/33501
Description: The transaction id and the UDP source port used for DNS queries by the bind nameserver were predictable. Attackers could potentially exploit that weakness to manipulate the DNS cache (

Title: Debian DSA-1605-1 : glibc - DNS cache poisoning
NASL id: DEBIAN_DSA-1605.NASL (family: Debian Local Security Checks)
Plugin id: 33452; published 2008-07-10; modified 2012-12-28; last seen 2017-10-29
Reporter: Tenable
Source: https://www.tenable.com/plugins/index.php?view=single&id=33452
Description: Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS spoofing and cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.

Title: Ubuntu 8.04 LTS : dnsmasq vulnerability (USN-627-1)
NASL id: UBUNTU_USN-627-1.NASL (family: Ubuntu Local Security Checks)
Plugin id: 33560; published 2008-07-23; modified 2020-06-02; last seen 2020-06-01
Reporter: Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33560
Description: Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Title: FreeBSD : ruby -- DNS spoofing vulnerability (959d384d-6b59-11dd-9d79-001fc61c2a55)
NASL id: FREEBSD_PKG_959D384D6B5911DD9D79001FC61C2A55.NASL (family: FreeBSD Local Security Checks)
Plugin id: 33905; published 2008-08-17; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33905
Description: The official ruby site reports : resolv.rb allows remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports.

Title: MS08-037: Vulnerabilities in DNS Could Allow Spoofing (951746) (uncredentialed check)
NASL id: MS_DNS_KB951746.NASL (family: DNS)
Plugin id: 72834; published 2014-03-05; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/72834
Description: According to its self-reported version number, the Microsoft DNS Server running on the remote host contains issues in the DNS library that could allow an attacker to send malicious DNS responses to DNS requests made by the remote host, thereby spoofing or redirecting internet traffic from legitimate locations.

Title: Solaris 8 (sparc) : 109326-24
NASL id: SOLARIS8_109326.NASL (family: Solaris Local Security Checks)
Plugin id: 13321; published 2004-07-12; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/13321
Description: SunOS 5.8: libresolv.so.2, in.named and BI. Date this patch was last updated by Sun : Mar/09/09

Title: Solaris 9 (sparc) : 112837-24
NASL id: SOLARIS9_112837.NASL (family: Solaris Local Security Checks)
Plugin id: 26165; published 2007-09-25; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/26165
Description: SunOS 5.9: in.dhcpd libresolv and BIND9 pa. Date this patch was last updated by Sun : Jul/21/11

Title: Debian DSA-1617-1 : refpolicy - incompatible policy
NASL id: DEBIAN_DSA-1617.NASL (family: Debian Local Security Checks)
Plugin id: 33737; published 2008-07-28; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33737
Description: In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard

Title: Mac OS X Multiple Vulnerabilities (Security Update 2008-006)
NASL id: MACOSX_SECUPD2008-006.NASL (family: MacOS X Local Security Checks)
Plugin id: 34210; published 2008-09-16; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/34210
Description: The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-006 applied. This update contains security fixes for a number of programs.

Title: Cisco IOS IPS Denial of Service Vulnerability - Cisco Systems
NASL id: CISCO-SA-20080924-IOSIPSHTTP.NASL (family: CISCO)
Plugin id: 49019; published 2010-09-01; modified 2010-09-01; last seen 2019-10-28
Reporter: This script is (C) 2010-2018 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/49019
Description: The Cisco IOS Intrusion Prevention System (IPS) feature contains a vulnerability in the processing of certain IPS signatures that use the SERVICE.DNS engine. This vulnerability may cause a router to crash or hang, resulting in a denial of service condition. Cisco has released free software updates that address this vulnerability. There is a workaround for this vulnerability. Note: This vulnerability is not related in any way to CVE-2008-1447 - Cache poisoning attacks.

Title: Debian DSA-1603-1 : bind9 - DNS cache poisoning
NASL id: DEBIAN_DSA-1603.NASL (family: Debian Local Security Checks)
Plugin id: 33450; published 2008-07-10; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33450
Description: Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian

Title: SuSE 10 Security Update : bind (ZYPP Patch Number 5409)
NASL id: SUSE_BIND-5409.NASL (family: SuSE Local Security Checks)
Plugin id: 33500; published 2008-07-15; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33500
Description: The transaction id and the UDP source port used for DNS queries by the bind nameserver were predictable. Attackers could potentially exploit that weakness to manipulate the DNS cache (

Title: OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)
NASL id: ORACLEVM_OVMSA-2020-0021.NASL (family: OracleVM Local Security Checks)
Plugin id: 137170; published 2020-06-05; modified 2020-06-05; last seen 2020-06-10
Reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/137170
Description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.

Title: GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities
NASL id: GENTOO_GLSA-201209-25.NASL (family: Gentoo Local Security Checks)
Plugin id: 62383; published 2012-10-01; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/62383
Description: The remote host is affected by the vulnerability described in GLSA-201209-25 (VMware Player, Server, Workstation: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details. Impact : Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information. A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script into the VMware Server Console. Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS). Workaround : There is no known workaround at this time.

Title: HP-UX PHNE_37865 : HP-UX Running BIND, Remote DNS Cache Poisoning (HPSBUX02351 SSRT080058 rev.6)
NASL id: HPUX_PHNE_37865.NASL (family: HP-UX Local Security Checks)
Plugin id: 33864; published 2008-08-12; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33864
Description: s700_800 11.23 Bind 9.2.0 components : A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning.

Title: Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2008-191-02)
NASL id: SLACKWARE_SSA_2008-191-02.NASL (family: Slackware Local Security Checks)
Plugin id: 54869; published 2011-05-28; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/54869
Description: New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to address a security problem.

Title: RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2008:0533)
NASL id: REDHAT-RHSA-2008-0533.NASL (family: Red Hat Local Security Checks)
Plugin id: 33462; published 2008-07-10; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/33462
Description: Updated bind packages that help mitigate DNS spoofing attacks are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 10th July 2008] We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks. Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. (CVE-2008-1447) Note: This errata also updates SELinux policy on Red Hat Enterprise Linux 4 and 5 to allow BIND to use random UDP source ports. Users of BIND are advised to upgrade to these updated packages, which contain a backported patch to add this functionality. Red Hat would like to thank Dan Kaminsky for reporting this issue.

Title: Scientific Linux Security Update : bind on SL 3.0.x, SL 4.x, SL 5.x
NASL id: SL_20080711_BIND_ON_SL_3_0_X.NASL (family: Scientific Linux Local Security Checks)
Plugin id: 60437; published 2012-08-01; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/60437
Description: The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks. Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. (CVE-2008-1447) Note: This errata also updates SELinux policy to allow BIND to use random UDP source ports.

Title: openSUSE Security Update : dnsmasq (dnsmasq-147)
NASL id: SUSE_11_0_DNSMASQ-080813.NASL (family: SuSE Local Security Checks)
Plugin id: 39951; published 2009-07-21; modified 2020-06-02; last seen 2020-06-01
Reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/39951
Description: This update of dnsmasq uses random UDP source ports and a random TRXID now. (CVE-2008-1447)

Title: GLSA-200809-02 : dnsmasq: Denial of Service and DNS spoofing
NASL id: GENTOO_GLSA-200809-02.NASL (family: Gentoo Local Security Checks)
Description: The remote host is affected by the vulnerability described in GLSA-200809-02 (dnsmasq: Denial of Service and DNS spoofing). Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server (CVE-2008-1447). Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash (CVE-2008-3350). Impact : A remote attacker could send spoofed DNS response traffic to dnsmasq, possibly involving generating queries via multiple vectors, and spoof DNS replies, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Furthermore, an attacker could generate invalid DHCP traffic and cause a Denial of Service. Workaround : There is no known workaround at this time.
last seen 2020-06-01 modified 2020-06-02 plugin id 34091 published 2008-09-05 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/34091 title GLSA-200809-02 : dnsmasq: Denial of Service and DNS spoofing NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS08-037.NASL description Flaws in the remote DNS library may let an attacker send malicious DNS responses to DNS requests made by the remote host, thereby spoofing or redirecting internet traffic from legitimate locations. last seen 2020-06-01 modified 2020-06-02 plugin id 33441 published 2008-07-08 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33441 title MS08-037: Vulnerabilities in DNS Could Allow Spoofing (953230) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-0014.NASL description I Security Issues a. Setting ActiveX kill bit Starting from this release, VMware has set the kill bit on its ActiveX controls. Setting the kill bit ensures that ActiveX controls cannot run in Internet Explorer (IE), and avoids security issues involving ActiveX controls in IE. See the Microsoft KB article 240797 and the related references on this topic. Security vulnerabilities have been reported for ActiveX controls provided by VMware when run in IE. Under specific circumstances, exploitation of these ActiveX controls might result in denial-of- service or can allow running of arbitrary code when the user browses a malicious Web site or opens a malicious file in IE browser. An attempt to run unsafe ActiveX controls in IE might result in pop-up windows warning the user. Note: IE can be configured to run unsafe ActiveX controls without prompting. VMware recommends that you retain the default settings in IE, which prompts when unsafe actions are requested. 
Earlier, VMware had issued knowledge base articles, KB 5965318 and KB 9078920 on security issues with ActiveX controls. To avoid malicious scripts that exploit ActiveX controls, do not enable unsafe ActiveX objects in your browser settings. As a best practice, do not browse untrusted Web sites as an administrator and do not click OK or Yes if prompted by IE to allow certain actions. VMware would like to thank Julien Bachmann, Shennan Wang, Shinnai, and Michal Bucko for reporting these issues to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, and CVE-2008-3696 to the security issues with VMware ActiveX controls. b. VMware ISAPI Extension Denial of Service The Internet Server Application Programming Interface (ISAPI) is an API that extends the functionality of Internet Information Server (IIS). VMware uses ISAPI extensions in its Server product. One of the ISAPI extensions provided by VMware is vulnerable to a remote denial of service. By sending a malformed request, IIS might shut down. IIS 6.0 restarts automatically. However, IIS 5.0 does not restart automatically when its Startup Type is set to Manual. VMware would like to thank the Juniper Networks J-Security Security Research Team for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3697 to this issue. c. OpenProcess Local Privilege Escalation on Host System This release fixes a privilege escalation vulnerability in host systems. Exploitation of this vulnerability allows users to run arbitrary code on the host system with elevated privileges. VMware would like to thank Sun Bing from McAfee, Inc. for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2008-3698 to this issue. d. 
Update to FreeType FreeType 2.3.6 resolves an integer overflow vulnerability and other vulnerabilities that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted file. This release updates FreeType to 2.3.7. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2008-1806, CVE-2008-1807, and CVE-2008-1808 to the issues resolved in FreeType 2.3.6. e. Update to Cairo Cairo 1.4.12 resolves an integer overflow vulnerability that can allow malicious users to run arbitrary code or might cause a denial-of-service after reading a maliciously crafted PNG file. This release updates Cairo to 1.4.14. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2007-5503 to this issue. f. VMware Consolidated Backup (VCB) command-line utilities may expose sensitive information VMware Consolidated Backup command-line utilities accept the user password through the -p command-line option. Users logged into the ESX service console or into the system that runs VCB could gain access to the username and password used by VCB command-line utilities when such commands are running. The ESX patch and the new version of VCB resolve this issue by providing an alternative way of passing the password used by VCB command-line utilities. VCB in ESX ---------- The following options are recommended for passing the password : 1. The password is specified in /etc/backuptools.conf (PASSWORD=xxxxx), and -p is not used in the command line. /etc/backuptools.conf file permissions are read/write only for root. 2. No password is specified in /etc/backuptools.conf and the -p option is not used in the command line. The user will be prompted to enter a password. ESX is not affected unless you use VCB. Stand-alone VCB --------------- The following options are recommended for passing the password : 1. 
The password is specified in config.js (PASSWORD=xxxxx), and -p is not used in the command line. The file permissions on config.js are read/write only for the administrator. The config.js file is located in folder last seen 2020-06-01 modified 2020-06-02 plugin id 40382 published 2009-07-27 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40382 title VMSA-2008-0014 : Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX, VMware VCB address information disclosure, privilege escalation and other security issues. NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0789.NASL description From Red Hat Security Advisory 2008:0789 : An updated dnsmasq package that implements UDP source-port randomization is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Dnsmasq is a lightweight DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. The dnsmasq DNS resolver used a fixed source UDP port. This could have made DNS spoofing attacks easier. dnsmasq has been updated to use random UDP source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447) All dnsmasq users are advised to upgrade to this updated package, which upgrades dnsmasq to version 2.45 and resolves this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67735 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67735 title Oracle Linux 5 : dnsmasq (ELSA-2008-0789) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0533.NASL description Updated bind packages that help mitigate DNS spoofing attacks are now available. 
This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 10th July 2008] We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks. Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. (CVE-2008-1447) Note: This errata also updates SELinux policy on Red Hat Enterprise Linux 4 and 5 to allow BIND to use random UDP source ports. Users of BIND are advised to upgrade to these updated packages, which contain a backported patch to add this functionality. Red Hat would like to thank Dan Kaminsky for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 33448 published 2008-07-10 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/33448 title CentOS 3 / 4 / 5 : bind / selinux-policy (CESA-2008:0533) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200901-03.NASL description The remote host is affected by the vulnerability described in GLSA-200901-03 (pdnsd: Denial of Service and cache poisoning) Two issues have been reported in pdnsd: The p_exec_query() function in src/dns_query.c does not properly handle many entries in the answer section of a DNS reply, related to a last seen 2020-06-01 modified 2020-06-02 plugin id 35347 published 2009-01-12 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35347 title GLSA-200901-03 : pdnsd: Denial of Service and cache poisoning NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776) last seen 2020-06-01 modified 2020-06-02 plugin id 
99569 published 2017-04-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99569 title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL8938.NASL description The remote BIG-IP device is missing a patch required by a security advisory. last seen 2020-06-01 modified 2020-06-02 plugin id 78224 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78224 title F5 Networks BIG-IP : BIND DNS cache poisoning vulnerability (SOL8938) NASL family Scientific Linux Local Security Checks NASL id SL_20080811_DNSMASQ_ON_SL5_X.NASL description The dnsmasq DNS resolver used a fixed source UDP port. This could have made DNS spoofing attacks easier. dnsmasq has been updated to use random UDP source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447) last seen 2020-06-01 modified 2020-06-02 plugin id 60462 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60462 title Scientific Linux Security Update : dnsmasq on SL5.x i386/x86_64 NASL family MacOS X Local Security Checks NASL id MACOSX_10_5_5.NASL description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.5. Mac OS X 10.5.5 contains security fixes for a number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 34211 published 2008-09-16 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/34211 title Mac OS X 10.5.x < 10.5.5 Multiple Vulnerabilities NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0533.NASL description From Red Hat Security Advisory 2008:0533 : Updated bind packages that help mitigate DNS spoofing attacks are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 10th July 2008] We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. The DNS protocol protects against spoofing attacks by requiring an attacker to predict both the DNS transaction ID and UDP source port of a request. In recent years, a number of papers have found problems with DNS implementations which make it easier for an attacker to perform DNS cache-poisoning attacks. Previous versions of BIND did not use randomized UDP source ports. If an attacker was able to predict the random DNS transaction ID, this could make DNS cache-poisoning attacks easier. In order to provide more resilience, BIND has been updated to use a range of random UDP source ports. (CVE-2008-1447) Note: This errata also updates SELinux policy on Red Hat Enterprise Linux 4 and 5 to allow BIND to use random UDP source ports. Users of BIND are advised to upgrade to these updated packages, which contain a backported patch to add this functionality. Red Hat would like to thank Dan Kaminsky for reporting this issue. 
last seen 2020-06-01 modified 2020-06-02 plugin id 67709 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67709 title Oracle Linux 3 / 4 / 5 : bind (ELSA-2008-0533) NASL family SuSE Local Security Checks NASL id SUSE9_12197.NASL description The transaction id and the udp source port used for DNS queries by the bind nameserver were predictable. Attackers could potentially exploit that weakness to manipulate the DNS cache ( last seen 2020-06-01 modified 2020-06-02 plugin id 41221 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41221 title SuSE9 Security Update : bind (YOU Patch Number 12197) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1604.NASL description Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. last seen 2017-10-29 modified 2013-06-03 plugin id 33451 published 2008-07-10 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=33451 title Debian DSA-1604-1 : bind - DNS cache poisoning NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2008-205-01.NASL description New dnsmasq packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to address possible DNS cache poisoning issues. last seen 2020-06-01 modified 2020-06-02 plugin id 33565 published 2008-07-24 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33565 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : dnsmasq (SSA:2008-205-01)
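The Red Hat, Scientific Linux and SuSE entries above all come down to one configuration point: a resolver whose outbound query port is pinned leaves an off-path attacker only the 16-bit transaction ID to guess, and the RHSA-2008:0533 note warns that a fixed `query-source port` in named.conf quietly defeats the patched BIND's port randomization. The following Python script is an added example, not code from this page, from ISC or from any vendor advisory: it strips comments from a named.conf, flags pinned `query-source` / `query-source-v6` ports, and reports the size of the guess space an attacker faces. The two configuration snippets are constructed for the example, and the default port range assumed when no `use-v4-udp-ports` block is present (1024-65535) is an assumption, not something the page states.

```python
"""Audit a BIND named.conf for pinned query-source ports (CVE-2008-1447 check).

Added example; not from the page or from ISC. Assumptions: the two snippets
below are constructed, and the randomized-port range defaults to 1024-65535
when no use-v4-udp-ports block is present.
"""
import math
import re

# Constructed: mirrors the pre-2008 sample caching-nameserver configs that
# pinned the outbound port. The attacker then only has to guess the 16-bit TXID.
WEAK_CONF = """
options {
    directory "/var/named";
    // pinned so a stateless firewall rule could allow the outbound queries
    query-source address * port 53;
    query-source-v6 address * port 53;
};
"""

# Constructed corrected configuration: port choice left to named, with an
# explicit ephemeral range (the assumed default is the same range).
FIXED_CONF = """
options {
    directory "/var/named";
    query-source address * port *;        /* let named pick a random port */
    query-source-v6 address * port *;
    use-v4-udp-ports { range 1024 65535; };
    use-v6-udp-ports { range 1024 65535; };
};
"""

TXID_BITS = 16                       # DNS transaction ID is a 16-bit field
DEFAULT_PORT_RANGE = (1024, 65535)   # assumption: BIND's default UDP port range

_COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
_QS_RE = re.compile(r"\bquery-source(-v6)?\b([^;]*);")
_PORT_RE = re.compile(r"\bport\s+(\*|\d+)")
_RANGE_RE = re.compile(r"\buse-v4-udp-ports\s*\{[^}]*\brange\s+(\d+)\s+(\d+)")


def strip_comments(conf: str) -> str:
    """Drop /* */, // and # comments so a commented-out 'port 53' is not flagged."""
    return _COMMENT_RE.sub("", conf)


def pinned_ports(conf: str) -> dict:
    """Map each query-source directive that pins a numeric port to that port."""
    found = {}
    for m in _QS_RE.finditer(strip_comments(conf)):
        directive = "query-source" + (m.group(1) or "")
        pm = _PORT_RE.search(m.group(2))
        if pm and pm.group(1) != "*":
            found[directive] = int(pm.group(1))
    return found


def port_space(conf: str) -> int:
    """Number of IPv4 source ports named can choose from (1 when pinned)."""
    if "query-source" in pinned_ports(conf):
        return 1
    rm = _RANGE_RE.search(strip_comments(conf))
    lo, hi = (int(rm.group(1)), int(rm.group(2))) if rm else DEFAULT_PORT_RANGE
    return hi - lo + 1


def entropy_bits(conf: str) -> float:
    """Bits an off-path attacker must guess per forged reply: TXID plus port."""
    return TXID_BITS + math.log2(port_space(conf))


def audit(conf: str) -> str:
    pinned = pinned_ports(conf)
    verdict = "VULNERABLE: fixed query-source port" if pinned else "OK: randomized source ports"
    return f"{verdict}; pinned={pinned}; guess space={entropy_bits(conf):.2f} bits"


if __name__ == "__main__":
    print("weak:  ", audit(WEAK_CONF))
    print("fixed: ", audit(FIXED_CONF))
```

Run it against the resolver's actual named.conf (inside the chroot if BIND runs in one); a 16-bit result is exactly the guess space the Kaminsky flood is built to exhaust. Two things the audit cannot see: a stateful NAT or firewall in front of the resolver can rewrite the randomized ports back into a narrow, predictable range on the outside, which is where the attacker sits, and dnsmasq's equivalent pin is its `query-port` option, to which the same reasoning applies.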
Oval
accepted 2015-04-20T04:00:16.171-04:00 class vulnerability contributors name K, Balamurugan organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Prashant Kumar organization Hewlett-Packard name Mike Cokus organization The MITRE Corporation
description The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." family unix id oval:org.mitre.oval:def:12117 status accepted submitted 2011-02-01T11:17:11.000-05:00 title HP-UX Running BIND, Remote DNS Cache Poisoning version 50 accepted 2011-11-14T04:00:45.190-05:00 class vulnerability contributors name Jeff Ito organization Secure Elements, Inc. name Chandan S organization SecPod Technologies
definition_extensions comment Microsoft Windows 2000 SP4 or later is installed oval oval:org.mitre.oval:def:229 comment Microsoft Windows XP (x86) SP2 is installed oval oval:org.mitre.oval:def:754 comment Microsoft Windows XP (x86) SP3 is installed oval oval:org.mitre.oval:def:5631 comment Microsoft Windows XP Professional x64 Edition SP1 is installed oval oval:org.mitre.oval:def:720 comment Microsoft Windows XP x64 Edition SP2 is installed oval oval:org.mitre.oval:def:4193 comment Microsoft Windows Server 2003 SP1 (x86) is installed oval oval:org.mitre.oval:def:565 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 SP1 for Itanium is installed oval oval:org.mitre.oval:def:1205 comment Microsoft Windows Server 2003 SP2 (x86) is installed oval oval:org.mitre.oval:def:1935 comment Microsoft Windows Server 2003 SP2 (x64) is installed oval oval:org.mitre.oval:def:2161 comment Microsoft Windows Server 2003 (ia64) SP2 is installed oval oval:org.mitre.oval:def:1442
description The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." family windows id oval:org.mitre.oval:def:5725 status accepted submitted 2008-07-08T14:18:00 title DNS Insufficient Socket Entropy Vulnerability version 71 accepted 2015-04-20T04:02:27.378-04:00 class vulnerability contributors name Michael Wood organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Prashant Kumar organization Hewlett-Packard name Mike Cokus organization The MITRE Corporation
description The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." family unix id oval:org.mitre.oval:def:5761 status accepted submitted 2008-08-06T17:38:46.000-04:00 title HP-UX Running BIND, Remote DNS Cache Poisoning version 47 accepted 2009-10-05T04:00:05.186-04:00 class vulnerability contributors name Pai Peng organization Hewlett-Packard definition_extensions comment Solaris 8 (SPARC) is installed oval oval:org.mitre.oval:def:1539 comment Solaris 9 (SPARC) is installed oval oval:org.mitre.oval:def:1457 comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440 comment Solaris 8 (x86) is installed oval oval:org.mitre.oval:def:2059 comment Solaris 9 (x86) is installed oval oval:org.mitre.oval:def:1683 comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926
description The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." family unix id oval:org.mitre.oval:def:5917 status accepted submitted 2009-08-25T16:38:09.000-04:00 title Security Vulnerability in the DNS Protocol May Lead to DNS Cache Poisoning version 34 accepted 2013-04-29T04:20:49.236-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." family unix id oval:org.mitre.oval:def:9627 status accepted submitted 2010-07-09T03:56:16-04:00 title The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." version 28
Packetstorm
data source https://packetstormsecurity.com/files/download/68473/bailiwicked_domain.rb.txt id PACKETSTORM:68473 last seen 2016-12-05 published 2008-07-24 reporter H D Moore source https://packetstormsecurity.com/files/68473/bailiwicked_domain.rb.txt.html title bailiwicked_domain.rb.txt data source https://packetstormsecurity.com/files/download/68471/bailiwicked_host.rb.txt id PACKETSTORM:68471 last seen 2016-12-05 published 2008-07-24 reporter H D Moore source https://packetstormsecurity.com/files/68471/bailiwicked_host.rb.txt.html title bailiwicked_host.rb.txt data source https://packetstormsecurity.com/files/download/68500/bind9x-poison.txt id PACKETSTORM:68500 last seen 2016-12-05 published 2008-07-25 reporter Marc Bevand source https://packetstormsecurity.com/files/68500/bind9x-poison.txt.html title bind9x-poison.txt
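The bailiwicked_host / bailiwicked_domain modules listed above work by inducing the target resolver to query for names under the victim domain and answering each query with a burst of forged replies carrying in-bailiwick glue; their success rate is set by how many (source port, transaction ID) pairs the resolver actually uses. The following Python script is an added example, not part of this page, of Metasploit or of any of the listed exploits: it scores a window of observed (port, TXID) pairs for pinning and sequencing, and sizes the attack as the expected number of induced queries for a given burst size. Both sample windows are constructed by hand rather than captured, and the 200-reply burst size is an assumed figure.

```python
"""Score observed source-port/TXID pairs and size a Kaminsky-style flood.

Added example; not from the page, ISC or any exploit listed. The two windows
are constructed, not captured, and the burst size used below is assumed.
"""
import math
from collections import Counter

TXID_SPACE = 1 << 16  # 16-bit DNS transaction ID


def _constructed_pinned_window():
    """12 queries from a resolver with a pinned port and a counter TXID."""
    return [(53, 0x1A2B + i) for i in range(12)]


# Constructed: 12 queries from a resolver that randomizes both fields.
RANDOM_WINDOW = [
    (41237, 0x9F31), (52910, 0x0C7E), (33048, 0xE2A4), (60117, 0x51B9),
    (27774, 0x8D02), (49381, 0x3E6C), (55520, 0xA715), (38063, 0x6B48),
    (44892, 0xF0D7), (31615, 0x2983), (58206, 0xC45A), (36449, 0x7A1E),
]
PINNED_WINDOW = _constructed_pinned_window()


def shannon_bits(values) -> float:
    """Empirical Shannon entropy of the observed values, in bits."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def is_sequential(txids) -> bool:
    """True when every consecutive TXID differs by the same nonzero step (mod 2^16)."""
    steps = {(b - a) & 0xFFFF for a, b in zip(txids, txids[1:])}
    return len(steps) == 1 and steps != {0}


def assess(window) -> dict:
    """Flag the two weaknesses named in the advisories: one port, or a counter TXID."""
    ports = [p for p, _ in window]
    txids = [t for _, t in window]
    result = {
        "distinct_ports": len(set(ports)),
        "port_bits": shannon_bits(ports),
        "txid_bits": shannon_bits(txids),
        "sequential_txid": is_sequential(txids),
    }
    result["weak"] = result["distinct_ports"] == 1 or result["sequential_txid"]
    return result


def spoof_success_per_query(forged_replies: int, port_space: int) -> float:
    """Chance that one burst of distinct forged replies matches the open query.

    A forged reply must hit both the TXID and the destination port; with a
    pinned port the port factor is 1. The in-bailiwick referral trick lets the
    attacker make the resolver emit a fresh query for every attempt, so a miss
    costs nothing and the attacker simply retries.
    """
    if forged_replies <= 0 or port_space <= 0:
        raise ValueError("burst size and port space must be positive")
    return min(1.0, forged_replies / (port_space * TXID_SPACE))


def expected_queries_to_poison(forged_replies: int, port_space: int) -> float:
    """Mean number of induced queries until one burst lands (geometric trials)."""
    return 1.0 / spoof_success_per_query(forged_replies, port_space)


if __name__ == "__main__":
    for name, window in (("pinned", PINNED_WINDOW), ("random", RANDOM_WINDOW)):
        print(name, assess(window))
    # 200 forged replies per induced query is an assumed burst size
    print("pinned port, expected queries :", expected_queries_to_poison(200, 1))
    print("64512 ports, expected queries :", expected_queries_to_poison(200, 64512))
```

Feed it pairs pulled from a capture of the resolver's outbound queries (the UDP source port and the DNS id field of each packet sent to port 53). Twelve samples only catch blatant pinning or a counter-driven TXID; judging the quality of a real generator takes thousands of samples and a proper statistical test. The expected-query figures show why the fix is a mitigation rather than a cure: randomizing the port multiplies the attacker's work by the port-space size, but the 16-bit TXID remains guessable, and only DNSSEC removes the guessing game entirely.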
Seebug
bulletinFamily exploit description No description provided by source. id SSV:9168 last seen 2017-11-19 modified 2008-07-24 published 2008-07-24 reporter Root source https://www.seebug.org/vuldb/ssvid-9168 title BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (py) bulletinFamily exploit description No description provided by source. id SSV:17308 last seen 2017-11-19 modified 2008-07-24 published 2008-07-24 reporter Root source https://www.seebug.org/vuldb/ssvid-17308 title BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py) bulletinFamily exploit description No description provided by source. id SSV:9165 last seen 2017-11-19 modified 2008-07-24 published 2008-07-24 reporter Root source https://www.seebug.org/vuldb/ssvid-9165 title BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta) bulletinFamily exploit description No description provided by source. id SSV:9178 last seen 2017-11-19 modified 2008-07-26 published 2008-07-26 reporter Root source https://www.seebug.org/vuldb/ssvid-9178 title BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c) bulletinFamily exploit description No description provided by source. id SSV:65607 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-65607 title BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta)
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-09 |
organization | Red Hat |
statement | http://rhn.redhat.com/errata/RHSA-2008-0533.html |
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc
- http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368
- http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://marc.info/?l=bugtraq&m=121630706004256&w=2
- http://marc.info/?l=bugtraq&m=121866517322103&w=2
- http://marc.info/?l=bugtraq&m=123324863916385&w=2
- http://marc.info/?l=bugtraq&m=141879471518471&w=2
- http://rhn.redhat.com/errata/RHSA-2008-0533.html
- http://secunia.com/advisories/30925
- http://secunia.com/advisories/30973
- http://secunia.com/advisories/30977
- http://secunia.com/advisories/30979
- http://secunia.com/advisories/30980
- http://secunia.com/advisories/30988
- http://secunia.com/advisories/30989
- http://secunia.com/advisories/30998
- http://secunia.com/advisories/31011
- http://secunia.com/advisories/31012
- http://secunia.com/advisories/31014
- http://secunia.com/advisories/31019
- http://secunia.com/advisories/31022
- http://secunia.com/advisories/31030
- http://secunia.com/advisories/31031
- http://secunia.com/advisories/31033
- http://secunia.com/advisories/31052
- http://secunia.com/advisories/31065
- http://secunia.com/advisories/31072
- http://secunia.com/advisories/31093
- http://secunia.com/advisories/31094
- http://secunia.com/advisories/31137
- http://secunia.com/advisories/31143
- http://secunia.com/advisories/31151
- http://secunia.com/advisories/31152
- http://secunia.com/advisories/31153
- http://secunia.com/advisories/31169
- http://secunia.com/advisories/31197
- http://secunia.com/advisories/31199
- http://secunia.com/advisories/31204
- http://secunia.com/advisories/31207
- http://secunia.com/advisories/31209
- http://secunia.com/advisories/31212
- http://secunia.com/advisories/31213
- http://secunia.com/advisories/31221
- http://secunia.com/advisories/31236
- http://secunia.com/advisories/31237
- http://secunia.com/advisories/31254
- http://secunia.com/advisories/31326
- http://secunia.com/advisories/31354
- http://secunia.com/advisories/31422
- http://secunia.com/advisories/31430
- http://secunia.com/advisories/31451
- http://secunia.com/advisories/31482
- http://secunia.com/advisories/31495
- http://secunia.com/advisories/31588
- http://secunia.com/advisories/31687
- http://secunia.com/advisories/31823
- http://secunia.com/advisories/31882
- http://secunia.com/advisories/31900
- http://secunia.com/advisories/33178
- http://secunia.com/advisories/33714
- http://secunia.com/advisories/33786
- http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc
- http://security.gentoo.org/glsa/glsa-200807-08.xml
- http://security.gentoo.org/glsa/glsa-200812-17.xml
- http://security.gentoo.org/glsa/glsa-201209-25.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1
- http://support.apple.com/kb/HT3026
- http://support.apple.com/kb/HT3129
- http://support.citrix.com/article/CTX117991
- http://support.citrix.com/article/CTX118183
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152
- http://up2date.astaro.com/2008/08/up2date_7202_released.html
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231
- http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
- http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning
- http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
- http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
- http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml
- http://www.debian.org/security/2008/dsa-1603
- http://www.debian.org/security/2008/dsa-1604
- http://www.debian.org/security/2008/dsa-1605
- http://www.debian.org/security/2008/dsa-1619
- http://www.debian.org/security/2008/dsa-1623
- http://www.doxpara.com/?p=1176
- http://www.doxpara.com/DMK_BO2K8.ppt
- http://www.ibm.com/support/docview.wss?uid=isg1IZ26667
- http://www.ibm.com/support/docview.wss?uid=isg1IZ26668
- http://www.ibm.com/support/docview.wss?uid=isg1IZ26669
- http://www.ibm.com/support/docview.wss?uid=isg1IZ26670
- http://www.ibm.com/support/docview.wss?uid=isg1IZ26671
- http://www.ibm.com/support/docview.wss?uid=isg1IZ26672
- http://www.ipcop.org/index.php?name=News&file=article&sid=40
- http://www.isc.org/index.pl?/sw/bind/bind-security.php
- http://www.kb.cert.org/vuls/id/800113
- http://www.kb.cert.org/vuls/id/MIMG-7DWR4J
- http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:139
- http://www.nominum.com/asset_upload_file741_2661.pdf
- http://www.novell.com/support/viewContent.do?externalId=7000912
- http://www.openbsd.org/errata42.html#013_bind
- http://www.openbsd.org/errata43.html#004_bind
- http://www.phys.uu.nl/~rombouts/pdnsd.html
- http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
- http://www.redhat.com/support/errata/RHSA-2008-0789.html
- http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html
- http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
- http://www.securityfocus.com/archive/1/495289/100/0/threaded
- http://www.securityfocus.com/archive/1/495869/100/0/threaded
- http://www.securityfocus.com/bid/30131
- http://www.securitytracker.com/id?1020437
- http://www.securitytracker.com/id?1020438
- http://www.securitytracker.com/id?1020440
- http://www.securitytracker.com/id?1020448
- http://www.securitytracker.com/id?1020449
- http://www.securitytracker.com/id?1020548
- http://www.securitytracker.com/id?1020558
- http://www.securitytracker.com/id?1020560
- http://www.securitytracker.com/id?1020561
- http://www.securitytracker.com/id?1020575
- http://www.securitytracker.com/id?1020576
- http://www.securitytracker.com/id?1020577
- http://www.securitytracker.com/id?1020578
- http://www.securitytracker.com/id?1020579
- http://www.securitytracker.com/id?1020651
- http://www.securitytracker.com/id?1020653
- http://www.securitytracker.com/id?1020702
- http://www.securitytracker.com/id?1020802
- http://www.securitytracker.com/id?1020804
- http://www.ubuntu.com/usn/usn-622-1
- http://www.ubuntu.com/usn/usn-627-1
- http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
- http://www.us-cert.gov/cas/techalerts/TA08-190A.html
- http://www.us-cert.gov/cas/techalerts/TA08-190B.html
- http://www.us-cert.gov/cas/techalerts/TA08-260A.html
- http://www.vmware.com/security/advisories/VMSA-2008-0014.html
- http://www.vupen.com/english/advisories/2008/2019/references
- http://www.vupen.com/english/advisories/2008/2023/references
- http://www.vupen.com/english/advisories/2008/2025/references
- http://www.vupen.com/english/advisories/2008/2029/references
- http://www.vupen.com/english/advisories/2008/2030/references
- http://www.vupen.com/english/advisories/2008/2050/references
- http://www.vupen.com/english/advisories/2008/2051/references
- http://www.vupen.com/english/advisories/2008/2052/references
- http://www.vupen.com/english/advisories/2008/2055/references
- http://www.vupen.com/english/advisories/2008/2092/references
- http://www.vupen.com/english/advisories/2008/2113/references
- http://www.vupen.com/english/advisories/2008/2114/references
- http://www.vupen.com/english/advisories/2008/2123/references
- http://www.vupen.com/english/advisories/2008/2139/references
- http://www.vupen.com/english/advisories/2008/2166/references
- http://www.vupen.com/english/advisories/2008/2195/references
- http://www.vupen.com/english/advisories/2008/2196/references
- http://www.vupen.com/english/advisories/2008/2197/references
- http://www.vupen.com/english/advisories/2008/2268
- http://www.vupen.com/english/advisories/2008/2291
- http://www.vupen.com/english/advisories/2008/2334
- http://www.vupen.com/english/advisories/2008/2342
- http://www.vupen.com/english/advisories/2008/2377
- http://www.vupen.com/english/advisories/2008/2383
- http://www.vupen.com/english/advisories/2008/2384
- http://www.vupen.com/english/advisories/2008/2466
- http://www.vupen.com/english/advisories/2008/2467
- http://www.vupen.com/english/advisories/2008/2482
- http://www.vupen.com/english/advisories/2008/2525
- http://www.vupen.com/english/advisories/2008/2549
- http://www.vupen.com/english/advisories/2008/2558
- http://www.vupen.com/english/advisories/2008/2582
- http://www.vupen.com/english/advisories/2008/2584
- http://www.vupen.com/english/advisories/2009/0297
- http://www.vupen.com/english/advisories/2009/0311
- http://www.vupen.com/english/advisories/2010/0622
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43334
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43637
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627
- https://www.exploit-db.com/exploits/6122
- https://www.exploit-db.com/exploits/6123
- https://www.exploit-db.com/exploits/6130
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html