Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2008-1447

Publication date 8 July 2008

Last updated 24 July 2024

Ubuntu priority

High

Why this priority?

Cvss 3 Severity Score

6.8 · Medium

Score breakdown

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

Read the notes from the security team

Status

Package Ubuntu Release Status
bind9 9.10 karmic
Fixed 1:9.5.0.dfsg.P1-2~build1
9.04 jaunty
Fixed 1:9.5.0.dfsg.P1-2~build1
8.10 intrepid
Fixed 1:9.5.0.dfsg.P1-2~build1
8.04 LTS hardy
Fixed 1:9.4.2-10ubuntu0.1
7.10 gutsy
Fixed 1:9.4.1-P1-3ubuntu2
7.04 feisty
Fixed 1:9.3.4-2ubuntu2.3
6.06 LTS dapper
Fixed 1:9.3.2-2ubuntu1.5
dnsmasq 9.10 karmic
Fixed 2.43-1ubuntu1
9.04 jaunty
Fixed 2.43-1ubuntu1
8.10 intrepid
Fixed 2.43-1ubuntu1
8.04 LTS hardy
Fixed 2.41-2ubuntu2.1
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.06 LTS dapper Ignored end of life
eglibc 9.10 karmic
Not affected
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper Not in release
glibc 9.10 karmic Not in release
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.06 LTS dapper
Not affected
python-dns 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Fixed 2.3.1-2ubuntu0.2
7.10 gutsy
Fixed 2.3.1-1ubuntu0.2
7.04 feisty
Fixed 2.3.0-5.1ubuntu2.2
6.06 LTS dapper
Fixed 2.3.0-5ubuntu1.2

Notes

mdeslaur

from debian: "glibc stub resolver relies on source port randomisation in kernel"

Severity score breakdown

Parameter Value
Base score 6.8 · Medium
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Changed
Confidentiality None
Integrity impact High
Availability impact None
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

References

Related Ubuntu Security Notices (USN)

Other references