CVE-2008-1447

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2008-1447
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-1447.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2008-1447
Related
Published
2008-07-08T23:41:00Z
Modified
2024-06-30T12:35:03.164476Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

References

Affected packages

Debian:11 / adns

Package

Name
adns
Purl
pkg:deb/debian/adns?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / adns

Package

Name
adns
Purl
pkg:deb/debian/adns?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / adns

Package

Name
adns
Purl
pkg:deb/debian/adns?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:11 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.5.0.dfsg-5

Ecosystem specific

{
    "urgency": "high"
}

Debian:12 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.5.0.dfsg-5

Ecosystem specific

{
    "urgency": "high"
}

Debian:13 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.5.0.dfsg-5

Ecosystem specific

{
    "urgency": "high"
}

Debian:11 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:deb/debian/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.43-1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:12 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:deb/debian/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.43-1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:13 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:deb/debian/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.43-1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:11 / dnspython

Package

Name
dnspython
Purl
pkg:deb/debian/dnspython?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.0-1
2.1.0-1
2.2.0~rc1-1
2.2.0-1
2.2.0-2
2.2.1-1
2.2.1-2
2.3.0~rc1-1
2.3.0-1
2.4.0~rc1-1
2.4.0-1
2.4.1-1
2.4.2-1
2.5.0~rc1-1
2.5.0-1
2.6.0~rc1-1
2.6.0-1
2.6.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / dnspython

Package

Name
dnspython
Purl
pkg:deb/debian/dnspython?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.0-1
2.4.0~rc1-1
2.4.0-1
2.4.1-1
2.4.2-1
2.5.0~rc1-1
2.5.0-1
2.6.0~rc1-1
2.6.0-1
2.6.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / dnspython

Package

Name
dnspython
Purl
pkg:deb/debian/dnspython?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.0-1
2.4.0~rc1-1
2.4.0-1
2.4.1-1
2.4.2-1
2.5.0~rc1-1
2.5.0-1
2.6.0~rc1-1
2.6.0-1
2.6.1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:11 / libnet-dns-perl

Package

Name
libnet-dns-perl
Purl
pkg:deb/debian/libnet-dns-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.63-2

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / libnet-dns-perl

Package

Name
libnet-dns-perl
Purl
pkg:deb/debian/libnet-dns-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.63-2

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / libnet-dns-perl

Package

Name
libnet-dns-perl
Purl
pkg:deb/debian/libnet-dns-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.63-2

Ecosystem specific

{
    "urgency": "low"
}