Name | CVE-2008-1447 |
Description | The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations, allows remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
References | DSA-1603-1, DSA-1604-1, DSA-1605-1, DSA-1617-1, DSA-1619-1, DSA-1623-1, DTSA-147-1 |
Debian Bugs | 490123, 490217, 492465, 492698, 492700, 493599, 502275 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| adns (PTS) | stretch | 1.5.0~rc1-1 | fixed |
| | buster | 1.5.0~rc1-1.1 | fixed |
| | bookworm, sid, bullseye | 1.6.0-2 | fixed |
| bind9 (PTS) | stretch | 1:9.10.3.dfsg.P4-12.3+deb9u6 | fixed |
| | stretch (security) | 1:9.10.3.dfsg.P4-12.3+deb9u12 | fixed |
| | buster, buster (security) | 1:9.11.5.P4+dfsg-5.1+deb10u7 | fixed |
| | bullseye (security), bullseye | 1:9.16.27-1~deb11u1 | fixed |
| | bookworm | 1:9.18.1-1 | fixed |
| | sid | 1:9.18.3-1 | fixed |
| dnsmasq (PTS) | stretch | 2.76-5+deb9u2 | fixed |
| | stretch (security) | 2.76-5+deb9u3 | fixed |
| | buster, buster (security) | 2.80-1+deb10u1 | fixed |
| | bullseye | 2.85-1 | fixed |
| | bookworm, sid | 2.86-1.1 | fixed |
| dnspython (PTS) | stretch | 1.15.0-1+deb9u1 | vulnerable |
| | buster | 1.16.0-1+deb10u1 | vulnerable |
| | bullseye | 2.0.0-1 | vulnerable |
| | bookworm, sid | 2.2.1-2 | vulnerable |
| libnet-dns-perl (PTS) | stretch | 1.07-1 | fixed |
| | buster | 1.19-1 | fixed |
| | bullseye | 1.29-1 | fixed |
| | bookworm, sid | 1.34-1 | fixed |
| python-dns (PTS) | stretch | 2.3.6-3 | fixed |
| | buster | 2.3.6-4 | fixed |
| refpolicy (PTS) | stretch | 2:2.20161023.1-9 | fixed |
| | buster | 2:2.20190201-2 | fixed |
| | bullseye | 2:2.20210203-7 | fixed |
| | bookworm, sid | 2:2.20220520-1 | fixed |
| udns (PTS) | bookworm, sid, buster, bullseye, stretch | 0.4-1 | fixed |
The information below is based on the following data on fixed versions.