Search for vulnerabilities
Vulnerability details: VCID-5nv9-hkcc-aaam
Vulnerability ID VCID-5nv9-hkcc-aaam
Aliases CVE-2008-1447
Summary The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-331 Insufficient Entropy
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2008:0533
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0789
epss 0.11758 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.13946 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.13946 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.13946 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.13946 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.13946 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.13946 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.13946 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.13946 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.13946 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.14575 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.14575 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.14575 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.24713 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.24713 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.24713 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.24713 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.87602 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91602 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91602 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91602 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91602 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91602 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91602 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91783 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91783 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91783 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91783 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91783 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91783 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91783 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.91783 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92107 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92107 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92107 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92107 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92107 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92107 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92309 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92309 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92309 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92309 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92309 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
epss 0.92309 https://api.first.org/data/v1/epss?cve=CVE-2008-1447
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=449345
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2008-1447
cvssv3 6.8 https://nvd.nist.gov/vuln/detail/CVE-2008-1447
cvssv3.1 6.8 https://nvd.nist.gov/vuln/detail/CVE-2008-1447
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc
http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://marc.info/?l=bugtraq&m=121630706004256&w=2
http://marc.info/?l=bugtraq&m=121866517322103&w=2
http://marc.info/?l=bugtraq&m=123324863916385&w=2
http://marc.info/?l=bugtraq&m=141879471518471&w=2
http://rhn.redhat.com/errata/RHSA-2008-0533.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1447.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037
http://secunia.com/advisories/30925
http://secunia.com/advisories/30973
http://secunia.com/advisories/30977
http://secunia.com/advisories/30979
http://secunia.com/advisories/30980
http://secunia.com/advisories/30988
http://secunia.com/advisories/30989
http://secunia.com/advisories/30998
http://secunia.com/advisories/31011
http://secunia.com/advisories/31012
http://secunia.com/advisories/31014
http://secunia.com/advisories/31019
http://secunia.com/advisories/31022
http://secunia.com/advisories/31030
http://secunia.com/advisories/31031
http://secunia.com/advisories/31033
http://secunia.com/advisories/31052
http://secunia.com/advisories/31065
http://secunia.com/advisories/31072
http://secunia.com/advisories/31093
http://secunia.com/advisories/31094
http://secunia.com/advisories/31137
http://secunia.com/advisories/31143
http://secunia.com/advisories/31151
http://secunia.com/advisories/31152
http://secunia.com/advisories/31153
http://secunia.com/advisories/31169
http://secunia.com/advisories/31197
http://secunia.com/advisories/31199
http://secunia.com/advisories/31204
http://secunia.com/advisories/31207
http://secunia.com/advisories/31209
http://secunia.com/advisories/31212
http://secunia.com/advisories/31213
http://secunia.com/advisories/31221
http://secunia.com/advisories/31236
http://secunia.com/advisories/31237
http://secunia.com/advisories/31254
http://secunia.com/advisories/31326
http://secunia.com/advisories/31354
http://secunia.com/advisories/31422
http://secunia.com/advisories/31430
http://secunia.com/advisories/31451
http://secunia.com/advisories/31482
http://secunia.com/advisories/31495
http://secunia.com/advisories/31588
http://secunia.com/advisories/31687
http://secunia.com/advisories/31823
http://secunia.com/advisories/31882
http://secunia.com/advisories/31900
http://secunia.com/advisories/33178
http://secunia.com/advisories/33714
http://secunia.com/advisories/33786
http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc
http://security.gentoo.org/glsa/glsa-200807-08.xml
http://security.gentoo.org/glsa/glsa-200812-17.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/43334
https://exchange.xforce.ibmcloud.com/vulnerabilities/43637
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://support.citrix.com/article/CTX117991
http://support.citrix.com/article/CTX118183
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152
https://www.exploit-db.com/exploits/6122
https://www.exploit-db.com/exploits/6123
https://www.exploit-db.com/exploits/6130
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html
https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
http://up2date.astaro.com/2008/08/up2date_7202_released.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml
http://www.debian.org/security/2008/dsa-1603
http://www.debian.org/security/2008/dsa-1604
http://www.debian.org/security/2008/dsa-1605
http://www.debian.org/security/2008/dsa-1619
http://www.debian.org/security/2008/dsa-1623
http://www.doxpara.com/DMK_BO2K8.ppt
http://www.doxpara.com/?p=1176
http://www.ibm.com/support/docview.wss?uid=isg1IZ26667
http://www.ibm.com/support/docview.wss?uid=isg1IZ26668
http://www.ibm.com/support/docview.wss?uid=isg1IZ26669
http://www.ibm.com/support/docview.wss?uid=isg1IZ26670
http://www.ibm.com/support/docview.wss?uid=isg1IZ26671
http://www.ibm.com/support/docview.wss?uid=isg1IZ26672
http://www.ipcop.org/index.php?name=News&file=article&sid=40
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.kb.cert.org/vuls/id/800113
http://www.kb.cert.org/vuls/id/MIMG-7DWR4J
http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q
http://www.mandriva.com/security/advisories?name=MDVSA-2008:139
http://www.nominum.com/asset_upload_file741_2661.pdf
http://www.novell.com/support/viewContent.do?externalId=7000912
http://www.openbsd.org/errata42.html#013_bind
http://www.openbsd.org/errata43.html#004_bind
http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
http://www.phys.uu.nl/~rombouts/pdnsd.html
http://www.redhat.com/support/errata/RHSA-2008-0789.html
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
http://www.securityfocus.com/archive/1/495289/100/0/threaded
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/30131
http://www.securitytracker.com/id?1020437
http://www.securitytracker.com/id?1020438
http://www.securitytracker.com/id?1020440
http://www.securitytracker.com/id?1020448
http://www.securitytracker.com/id?1020449
http://www.securitytracker.com/id?1020548
http://www.securitytracker.com/id?1020558
http://www.securitytracker.com/id?1020560
http://www.securitytracker.com/id?1020561
http://www.securitytracker.com/id?1020575
http://www.securitytracker.com/id?1020576
http://www.securitytracker.com/id?1020577
http://www.securitytracker.com/id?1020578
http://www.securitytracker.com/id?1020579
http://www.securitytracker.com/id?1020651
http://www.securitytracker.com/id?1020653
http://www.securitytracker.com/id?1020702
http://www.securitytracker.com/id?1020802
http://www.securitytracker.com/id?1020804
http://www.ubuntu.com/usn/usn-622-1
http://www.ubuntu.com/usn/usn-627-1
http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
http://www.us-cert.gov/cas/techalerts/TA08-190B.html
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vupen.com/english/advisories/2008/2019/references
http://www.vupen.com/english/advisories/2008/2023/references
http://www.vupen.com/english/advisories/2008/2025/references
http://www.vupen.com/english/advisories/2008/2029/references
http://www.vupen.com/english/advisories/2008/2030/references
http://www.vupen.com/english/advisories/2008/2050/references
http://www.vupen.com/english/advisories/2008/2051/references
http://www.vupen.com/english/advisories/2008/2052/references
http://www.vupen.com/english/advisories/2008/2055/references
http://www.vupen.com/english/advisories/2008/2092/references
http://www.vupen.com/english/advisories/2008/2113/references
http://www.vupen.com/english/advisories/2008/2114/references
http://www.vupen.com/english/advisories/2008/2123/references
http://www.vupen.com/english/advisories/2008/2139/references
http://www.vupen.com/english/advisories/2008/2166/references
http://www.vupen.com/english/advisories/2008/2195/references
http://www.vupen.com/english/advisories/2008/2196/references
http://www.vupen.com/english/advisories/2008/2197/references
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2291
http://www.vupen.com/english/advisories/2008/2334
http://www.vupen.com/english/advisories/2008/2342
http://www.vupen.com/english/advisories/2008/2377
http://www.vupen.com/english/advisories/2008/2383
http://www.vupen.com/english/advisories/2008/2384
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2467
http://www.vupen.com/english/advisories/2008/2482
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2549
http://www.vupen.com/english/advisories/2008/2558
http://www.vupen.com/english/advisories/2008/2582
http://www.vupen.com/english/advisories/2008/2584
http://www.vupen.com/english/advisories/2009/0297
http://www.vupen.com/english/advisories/2009/0311
http://www.vupen.com/english/advisories/2010/0622
449345 https://bugzilla.redhat.com/show_bug.cgi?id=449345
490123 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490123
CVE-2008-1447 https://nvd.nist.gov/vuln/detail/CVE-2008-1447
GLSA-200807-08 https://security.gentoo.org/glsa/200807-08
GLSA-200809-02 https://security.gentoo.org/glsa/200809-02
GLSA-200812-17 https://security.gentoo.org/glsa/200812-17
GLSA-200901-03 https://security.gentoo.org/glsa/200901-03
GLSA-201209-25 https://security.gentoo.org/glsa/201209-25
OSVDB-48245;CVE-2008-4194;OSVDB-47927;CVE-2008-1447;OSVDB-47926;OSVDB-47916;OSVDB-47232 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/6122.rb
OSVDB-48245;CVE-2008-4194;OSVDB-47927;CVE-2008-1447;OSVDB-47926;OSVDB-47916;OSVDB-47232 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/6123.py
OSVDB-48245;CVE-2008-4194;OSVDB-47927;CVE-2008-1447;OSVDB-47926;OSVDB-47916;OSVDB-47232;OSVDB-46776 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/6130.c
RHSA-2008:0533 https://access.redhat.com/errata/RHSA-2008:0533
RHSA-2008:0789 https://access.redhat.com/errata/RHSA-2008:0789
USN-622-1 https://usn.ubuntu.com/622-1/
USN-627-1 https://usn.ubuntu.com/627-1/
Data source Exploit-DB
Date added July 23, 2008
Description BIND 9.x - Remote DNS Cache Poisoning
Ransomware campaign use Known
Source publication date July 24, 2008
Exploit type remote
Platform multiple
Source update date Sept. 8, 2017
Data source Metasploit
Description This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit caches a single malicious host entry into the target nameserver by sending random hostname queries to the target DNS server coupled with spoofed replies to those queries from the authoritative nameservers for that domain. Eventually, a guessed ID will match, the spoofed packet will get accepted, and due to the additional hostname entry being within bailiwick constraints of the original request the malicious host entry will get cached.
Note 
Stability:
  - service-resource-loss
SideEffects:
  - ioc-in-logs
Reliability: []
Ransomware campaign use Unknown
Source publication date July 21, 2008
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/spoof/dns/bailiwicked_host.rb
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1447
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1447
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1447
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.95461
EPSS Score 0.11758
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.