Name | CVE-2008-1447 |
Description | The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-1603-1, DSA-1604-1, DSA-1605-1, DSA-1617-1, DSA-1619-1, DSA-1623-1, DTSA-147-1 |
Debian Bugs | 490123, 490217, 492465, 492698, 492700, 493599, 502275 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
adns (PTS) | jessie, stretch | 1.5.0~rc1-1 | fixed |
| buster | 1.5.0~rc1-1.1 | fixed |
| trixie, bullseye, bookworm | 1.6.0-2 | fixed |
| sid | 1.6.1-1 | fixed |
bind9 (PTS) | jessie, jessie (lts) | 1:9.9.5.dfsg-9+deb8u30 | fixed |
| stretch (security) | 1:9.10.3.dfsg.P4-12.3+deb9u12 | fixed |
| stretch (lts), stretch | 1:9.10.3.dfsg.P4-12.3+deb9u15 | fixed |
| buster | 1:9.11.5.P4+dfsg-5.1+deb10u7 | fixed |
| buster (security) | 1:9.11.5.P4+dfsg-5.1+deb10u10 | fixed |
| bullseye | 1:9.16.44-1~deb11u1 | fixed |
| bullseye (security) | 1:9.16.48-1 | fixed |
| bookworm | 1:9.18.19-1~deb12u1 | fixed |
| bookworm (security) | 1:9.18.24-1 | fixed |
| sid, trixie | 1:9.19.21-1 | fixed |
dnsmasq (PTS) | jessie, jessie (lts) | 2.72-3+deb8u7 | fixed |
| stretch (security) | 2.76-5+deb9u3 | fixed |
| stretch (lts), stretch | 2.76-5+deb9u4 | fixed |
| buster, buster (security) | 2.80-1+deb10u1 | fixed |
| bullseye | 2.85-1 | fixed |
| bookworm | 2.89-1 | fixed |
| sid, trixie | 2.90-3 | fixed |
dnspython (PTS) | jessie | 1.12.0-1 | vulnerable |
| stretch | 1.15.0-1+deb9u1 | vulnerable |
| buster | 1.16.0-1+deb10u1 | vulnerable |
| bullseye | 2.0.0-1 | vulnerable |
| bookworm | 2.3.0-1 | vulnerable |
| sid, trixie | 2.6.1-1 | vulnerable |
libnet-dns-perl (PTS) | jessie, jessie (lts) | 0.81-2+deb8u1 | fixed |
| stretch | 1.07-1 | fixed |
| buster | 1.19-1 | fixed |
| bullseye | 1.29-1 | fixed |
| bookworm | 1.36-1 | fixed |
| sid, trixie | 1.44-1 | fixed |
pdnsd (PTS) | jessie | 1.2.9a-par-2 | fixed |
python-dns (PTS) | jessie, stretch | 2.3.6-3 | fixed |
| buster | 2.3.6-4 | fixed |
refpolicy (PTS) | stretch | 2:2.20161023.1-9 | fixed |
| buster | 2:2.20190201-2 | fixed |
| bullseye | 2:2.20210203-7 | fixed |
| bookworm | 2:2.20221101-9 | fixed |
| sid, trixie | 2:2.20240415-1 | fixed |
udns (PTS) | jessie, buster, bullseye, stretch, bookworm | 0.4-1 | fixed |
| sid, trixie | 0.5-1 | fixed |
The information below is based on the following data on fixed versions.