CVE-2008-1447 (retired)

Priority
Description
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1,
9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and
SP3, and Server 2003 SP1 and SP2; and other implementations allow remote
attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick
referrals to conduct cache poisoning against recursive resolvers, related
to insufficient randomness of DNS transaction IDs and source ports, aka
"DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Notes
 mdeslaur> from debian: "glibc stub resolver relies on source port
 mdeslaur> randomisation in kernel"
Assigned-to
jdstrand
Package
Source: bind9 (LP Ubuntu Debian)
Upstream:released
Package
Priority: Medium
Upstream:released (2.43-1)
Package
Priority: Low
Upstream:not-affected
Package
Source: glibc (LP Ubuntu Debian)
Priority: Low
Upstream:not-affected
Package
Priority: Medium
Upstream:released (2.3.3-1)
More Information

Updated: 2019-03-26 11:43:32 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)