Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
BID:30131
Info
Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
| Bugtraq ID: | 30131 |
| Class: | Design Error |
| CVE: |
CVE-2008-1447 CVE-2008-5133 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 08 2008 12:00AM |
| Updated: | Apr 13 2015 09:35PM |
| Credit: | Dan Kaminsky of IOActive |
| Vulnerable: |
Yukihiro Matsumoto Ruby 1.9 -2 Yukihiro Matsumoto Ruby 1.9 -1 Yukihiro Matsumoto Ruby 1.9 Yukihiro Matsumoto Ruby 1.8.7 -p71 Yukihiro Matsumoto Ruby 1.8.7 -p22 Yukihiro Matsumoto Ruby 1.8.7 -p21 Yukihiro Matsumoto Ruby 1.8.7 Yukihiro Matsumoto Ruby 1.8.6 -p286 Yukihiro Matsumoto Ruby 1.8.6 -p230 Yukihiro Matsumoto Ruby 1.8.6 -p229 Yukihiro Matsumoto Ruby 1.8.6 -p114 Yukihiro Matsumoto Ruby 1.8.6 Yukihiro Matsumoto Ruby 1.8.5 -p231 Yukihiro Matsumoto Ruby 1.8.5 -p230 Yukihiro Matsumoto Ruby 1.8.5 -p2 Yukihiro Matsumoto Ruby 1.8.5 -p115 Yukihiro Matsumoto Ruby 1.8.5 Yukihiro Matsumoto Ruby 1.8.4 Yukihiro Matsumoto Ruby 1.8.3 Yukihiro Matsumoto Ruby 1.8.2 pre4 Yukihiro Matsumoto Ruby 1.8.2 pre3 Yukihiro Matsumoto Ruby 1.8.2 pre2 Yukihiro Matsumoto Ruby 1.8.2 pre1 Yukihiro Matsumoto Ruby 1.8.2 Yukihiro Matsumoto Ruby 1.8.1 Yukihiro Matsumoto Ruby 1.8 Yamaha SRT100 0 Yamaha RTX3000 0 Yamaha RTX2000 Yamaha RTX1500 Yamaha RTX1100 Yamaha RTX1000 Yamaha RTW65i 0 Yamaha RTW65b 0 Yamaha RTV700 Yamaha RTV01 0 Yamaha RTA55i 0 Yamaha RTA54i 0 Yamaha RTA52i 0 Yamaha RTA50i 0 Yamaha RT80i 0 Yamaha RT60w 0 Yamaha RT58i 0 Yamaha RT57i Yamaha RT56v 0 Yamaha RT300i Yamaha RT200i 0 Yamaha RT140p 0 Yamaha RT140i 0 Yamaha RT140f 0 Yamaha RT140e 0 Yamaha RT107e 0 Yamaha RT105p 0 Yamaha RT105i 0 Yamaha RT105e 0 Yamaha RT103i 0 Yamaha RT102i 0 Yamaha RT100i 0 Wind River Systems Linux 3.1 Wind River Systems Linux 0 VMWare ESX Server 3.0.3 VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 VMWare ESX Server 2.5.5 VMWare ESX Server 2.5.4 VMWare ESX Server 3.5 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 lpia Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 10 SP2 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise SDK 10.SP1 SuSE SUSE Linux Enterprise SDK 10 SP2 SuSE SUSE Linux Enterprise Desktop 10 SP2 SuSE SUSE Linux Enterprise Desktop 10 SP1 SuSE openSUSE 10.3 Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10_x86 Sun Solaris 10_sparc Sun OpenSolaris build snv_95 Sun OpenSolaris build snv_92 Sun OpenSolaris build snv_91 Sun OpenSolaris build snv_89 Sun OpenSolaris build snv_88 Sun OpenSolaris build snv_64 Sun OpenSolaris build snv_22 Sun OpenSolaris build snv_19 Sun OpenSolaris build snv_13 Sun OpenSolaris build snv_02 Sun OpenSolaris build snv_01 Sun OpenSolaris 0 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current Secure Computing Sidewinder Software 5.2 .1.02 Secure Computing Sidewinder Software 5.2 .1 Secure Computing Sidewinder Software 5.2 .0.04 Secure Computing Sidewinder Software 5.2 .0.03 Secure Computing Sidewinder Software 5.2 .0.02 Secure Computing Sidewinder Software 5.2 .0.01 Secure Computing Sidewinder Software 5.2 Secure Computing Sidewinder Software 5.1 .1.01 Secure Computing Sidewinder Software 5.1 .1 Secure Computing Sidewinder Software 5.1 .0.02 Secure Computing Sidewinder Software 5.1 .0.01 Secure Computing Sidewinder Software 5.1 Secure Computing Sidewinder Software 5.0 .0.04 Secure Computing Sidewinder Software 5.0 .0.03 Secure Computing Sidewinder Software 5.0 .0.02 Secure Computing Sidewinder Software 5.0 .0.01 Secure Computing Sidewinder Software 5.0 Secure Computing Sidewinder G2 6.1 .0.02 Secure Computing Sidewinder G2 6.1 .0.01 Secure Computing Sidewinder 5.2.1 .10 Secure Computing Sidewinder 5.2 .1.02 Secure Computing Sidewinder 5.2 .1 Secure Computing Sidewinder 5.2 .0.04 Secure Computing Sidewinder 5.2 .0.03 Secure Computing Sidewinder 5.2 .0.02 Secure Computing Sidewinder 5.2 .0.01 Secure Computing Sidewinder 5.2 Secure Computing Sidewinder 5.1 .1.01 Secure Computing Sidewinder 5.1 .1 Secure Computing Sidewinder 5.1 .0.02 Secure Computing Sidewinder 5.1 .0.01 Secure Computing Sidewinder 5.1 Secure Computing Sidewinder 5.0 .0.04 Secure Computing Sidewinder 5.0 .0.03 Secure Computing Sidewinder 5.0 .0.02 Secure Computing Sidewinder 5.0 .0.01 Secure Computing Sidewinder 5.0 Secure Computing CyberGuard TSP 0 Secure Computing CyberGuard Classic 0 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9.0 rPath rPath Linux 2 rPath rPath Linux 1 rPath Appliance Platform Linux Service 2 rPath Appliance Platform Linux Service 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux AS 3 Red Hat Enterprise Linux AS 2.1 IA64 Red Hat Enterprise Linux AS 2.1 Red Hat Enterprise Linux 5 Server Python DNS Library pydns 2.3 pdnsd pdnsd 1.2.6 -par pdnsd pdnsd 1.2.4 -par pdnsd pdnsd 1.2.3 -par pdnsd pdnsd 1.2.2 -par pdnsd pdnsd 1.2.1 -par pdnsd pdnsd 1.2-par Pardus Linux 2008 0 Pardus Linux 2007 0 Openwall Openwall GNU/*/Linux 2.0-stable Openwall Openwall GNU/*/Linux 2.0-current OpenBSD OpenBSD 4.3 OpenBSD OpenBSD 4.2 OpenBSD OpenBSD -current Novell Open Enterprise Server (OES) 0 Novell Netware 6.5 SP7 Novell Netware 6.5 SP6 Novell Netware 6.5 SP5 Novell Netware 6.5 SP4 Novell Netware 6.5 SP1.1(b) Novell Netware 6.5 SP1.1(a) Novell Netware 6.5 SP3 Novell Netware 6.5 SP2 Novell Netware 6.5 SP1 Novell Netware 6.5 Novell Netware 6.0 SP3 Novell Netware 6.0 SP2 Novell Netware 6.0 SP1 Novell Netware 6.0 Novell Netware 5.1 SP6 Novell Netware 5.1 SP4 Novell Netware 5.1 SP5 Novell Netware 5.1 Novell Netware 5.0 SP5 Novell Netware 5.0 Nortel Networks Trail Manager Route Advisor 0 Nortel Networks SRG 1.0 Nortel Networks Self-Service WVADS 0 Nortel Networks Self-Service Speech Server 0 Nortel Networks Self-Service Peri Workstation 0 Nortel Networks Self-Service Peri Application 0 Nortel Networks Self-Service MPS 500 0 Nortel Networks Self-Service MPS 1000 0 Nortel Networks Self-Service MPS 100 0 Nortel Networks Self-Service CCXML 0 Nortel Networks Self-Service - Web Centric CCXML Nortel Networks Self-Service - CCSS7 0 Nortel Networks Self Service VoiceXML 0 Nortel Networks PMBB 0 Nortel Networks Optical Trail Manager 0 Nortel Networks Optical Software Upgrade Manager 0 Nortel Networks Optical RMBB 0 Nortel Networks Optical FMBB 0 Nortel Networks Optical Application Platform 0 Nortel Networks Optical AMBB 0 Nortel Networks NSNA Switch 4070 Nortel Networks NSNA Switch 4050 Nortel Networks Multimedia Comm MCS5100 Nortel Networks ENSM - Enterprise NMS 10.5 Nortel Networks ENSM - Enterprise NMS 10.4 Nortel Networks BCM 200 Nominum Software Vantio (CNS) 3 Nominum Software Caching Name Server (CNS) 3 Nixu Secure Name Server 1 NetBSD NetBSD 3.0.2 NetBSD NetBSD 3.0.1 NetBSD NetBSD Current NetBSD NetBSD 4.0 BETA2 NetBSD NetBSD 4.0 NetBSD NetBSD 4,0_Beta NetBSD NetBSD 3.1_RC3 NetBSD NetBSD 3.1 NetBSD NetBSD 3,1_RC1 Navision Financials Server 3.0 Microsoft Windows XP Tablet PC Edition SP3 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP3 Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP3 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP3 Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP 0 Microsoft Windows Server 2003 x64 SP2 Microsoft Windows Server 2003 x64 SP1 Microsoft Windows Server 2003 Web Edition SP2 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition SP2 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Itanium SP2 Microsoft Windows Server 2003 Itanium SP1 Microsoft Windows Server 2003 Itanium 0 Microsoft Windows Server 2003 Enterprise x64 Edition SP2 Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition SP2 Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server Mandriva Linux Mandrake 2008.1 x86_64 Mandriva Linux Mandrake 2008.1 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Lucent VitalQIP 6.2 Lucent VitalQIP 6.1 Lucent VitalQIP 6.0 Lucent VitalQIP 5.2 Lucent VitalQIP 7.x Lucent VitalQIP 6.1 sp1 Juniper Networks ScreenOS 5.2 Juniper Networks ScreenOS 5.1 Juniper Networks JUNOSe 7.1.1 Juniper Networks JUNOSe 7.1 p0-1 Juniper Networks JUNOSe 7.0.2 Juniper Networks JUNOSe 7.0.1 p0-7 Juniper Networks JUNOSe 6.1.3 p0-1 Juniper Networks JUNOSe 6.0.4 Juniper Networks JUNOSe 6.0.3 p0-6 Juniper Networks JUNOSe 5.3.5 p0-2 Juniper Networks JUNOSe 0 Juniper Networks JUNOS 8.0 Juniper Networks JUNOS 6.4 Juniper Networks JUNOS 6.3 Juniper Networks JUNOS 6.2 Juniper Networks JUNOS 6.1 Juniper Networks JUNOS 5.7 Juniper Networks JUNOS 5.6 Juniper Networks JUNOS 5.5 Juniper Networks JUNOS 5.4 Juniper Networks JUNOS 5.3 Juniper Networks JUNOS 5.2 Juniper Networks JUNOS 5.1 Juniper Networks JUNOS 5.0 Juniper Networks JUNOS 8.5.R1 Juniper Networks JUNOS 8.4 Juniper Networks JUNOS 7.3 ISC BIND 9.5 a2 ISC BIND 9.5 a1 ISC BIND 9.4.3 ISC BIND 9.4.1 -P1 ISC BIND 9.4.1 ISC BIND 9.4 rc2 ISC BIND 9.4 rc1 ISC BIND 9.4 b4 ISC BIND 9.4 b3 ISC BIND 9.4 b3 ISC BIND 9.4 b2 ISC BIND 9.4 b1 ISC BIND 9.4 a6 ISC BIND 9.4 a5 ISC BIND 9.4 a4 ISC BIND 9.4 a3 ISC BIND 9.4 a2 ISC BIND 9.4 a1 ISC BIND 9.4 ISC BIND 9.3.5 ISC BIND 9.3.4 ISC BIND 9.3.3 rc3 ISC BIND 9.3.3 rc2 ISC BIND 9.3.3 rc1 ISC BIND 9.3.3 b1 ISC BIND 9.3.3 b ISC BIND 9.3.3 ISC BIND 9.3.2 -P2 ISC BIND 9.3.2 -P1 ISC BIND 9.3.2 ISC BIND 9.3.1 ISC BIND 9.3 ISC BIND 9.2.8 ISC BIND 9.2.7 rc3 ISC BIND 9.2.7 rc2 ISC BIND 9.2.7 rc1 ISC BIND 9.2.7 b1 ISC BIND 9.2.7 ISC BIND 9.2.6 -P2 ISC BIND 9.2.6 -P1 ISC BIND 9.2.6 ISC BIND 9.2.5 ISC BIND 9.2.4 ISC BIND 9.2.3 ISC BIND 9.2.2 ISC BIND 9.2.1 ISC BIND 9.2 ISC BIND 9.1.3 ISC BIND 9.1.2 ISC BIND 9.1.1 ISC BIND 9.1 ISC BIND 9.0.1 ISC BIND 9.0 ISC BIND 8.4.7 -P1 ISC BIND 8.4.7 ISC BIND 8.4.6 ISC BIND 8.4.5 ISC BIND 8.4.4 ISC BIND 8.4.3 ISC BIND 8.4.2 ISC BIND 8.4.1 ISC BIND 8.4 ISC BIND 8.3.7 ISC BIND 8.3.6 ISC BIND 8.3.5 ISC BIND 8.3.4 ISC BIND 8.3.3 ISC BIND 8.3.2 ISC BIND 8.3.1 ISC BIND 8.3 .0 ISC BIND 8.2.7 ISC BIND 8.2.6 ISC BIND 8.2.5 ISC BIND 8.2.4 ISC BIND 8.2.3 Beta ISC BIND 8.2.3 ISC BIND 8.2.2 p7 ISC BIND 8.2.2 p6 ISC BIND 8.2.2 p5 ISC BIND 8.2.2 p4 ISC BIND 8.2.2 p3 ISC BIND 8.2.2 p2 ISC BIND 8.2.2 p1 ISC BIND 8.2.2 ISC BIND 8.2.1 ISC BIND 8.2 ISC BIND 8.1.2 ISC BIND 8.1.1 ISC BIND 8.1 ISC BIND 9.5.0b2 ISC BIND 9.5.0b1 ISC BIND 9.5.0a7 ISC BIND 9.5.0a6 ISC BIND 9.5.0a5 ISC BIND 9.5.0a4 ISC BIND 9.5.0a3 IPCop IPCop 1.4.18 IPCop IPCop 1.4.17 IPCop IPCop 1.4.16 IPCop IPCop 1.4.15 IPCop IPCop 1.4.14 IPCop IPCop 1.4.13 IPCop IPCop 1.4.12 IPCop IPCop 1.4.11 IPCop IPCop 1.4.10 Ingate SIParator 4.6.1 Ingate SIParator 4.6 Ingate Firewall 4.6.1 Ingate Firewall 4.6 Infoblox NIOS 4 Infoblox DNS One Appliance 2 IBM AIX 6.1.2 IBM AIX 6.1.1 IBM AIX 5.3.9 IBM AIX 5.3.8 IBM AIX 5.3.7 IBM AIX 6.1 IBM AIX 5.3 IBM AIX 5.2 HP Tru64 UNIX 5.1.0 B-4 HP Tru64 UNIX 5.1.0 B-3 HP TCP/IP Services for OpenVMS Integrity 5.6 HP TCP/IP Services for OpenVMS Integrity 5.5 HP TCP/IP Services for OpenVMS Alpha 5.6 HP TCP/IP Services for OpenVMS Alpha 5.5 HP TCP/IP Services for OpenVMS Alpha 5.4 HP Storage Management Appliance 2.1 HP NonStop Server 6 HP MPE/iX 7.5 HP MPE/iX 7.0 HP MPE/iX 6.5 HP HP-UX B.11.31 HP HP-UX B.11.23 HP HP-UX B.11.11 Gentoo net-dns/dnsmasq 2.43 Gentoo Linux FreeBSD FreeBSD 7.0 -RELENG FreeBSD FreeBSD 7.0 FreeBSD FreeBSD 6.3 -RELENG FreeBSD FreeBSD 6.3 F5 WANJet 5.0.2 F5 WANJet 5.0 F5 FirePass 6.0.2 F5 FirePass 6.0.1 F5 FirePass 5.5.2 F5 FirePass 6.0 F5 FirePass 5.5 F5 Enterprise Manager 1.4.1 F5 Enterprise Manager 1.6 F5 Enterprise Manager 1.2 F5 BigIP 9.6.1 F5 BigIP 9.4.5 F5 BigIP 9.4.3 F5 BigIP 9.3.1 F5 BigIP 4.6.4 F5 BigIP 4.6.3 F5 BigIP 4.6.2 F5 BigIP 4.6.1 F5 BigIP 4.6 F5 BigIP 4.5.14 F5 BigIP 4.5.13 F5 BigIP 4.5.12 F5 BigIP 4.5.11 F5 BigIP 4.5.10 F5 BigIP 4.5.9 F5 BigIP 4.5.6 F5 BigIP 4.5 F5 BigIP 9.6 F5 BigIP 9.4 F5 BigIP 9.3 F5 BigIP 8.0 F5 3-DNS 4.6.4 F5 3-DNS 4.6.3 F5 3-DNS 4.6.2 F5 3-DNS 4.6.1 F5 3-DNS 4.6 F5 3-DNS 4.5.14 F5 3-DNS 4.5.13 F5 3-DNS 4.5.12 F5 3-DNS 4.5.11 F5 3-DNS 4.5 Dnsmasq Dnsmasq 2.4.1 Dnsmasq Dnsmasq 2.35 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Citrix NetScaler 8.1 build 57.3 Citrix NetScaler 8.0 build 47.8 Citrix Access Gateway Standard Edition 4.5.7 Rev A Citrix Access Gateway Standard Edition 4.5.7 Citrix Access Gateway Standard Edition 4.5.6 Citrix Access Gateway Standard Edition 4.5 Citrix Access Gateway Advanced Edition 4.5 Cisco Network Registar 7.0 Cisco Network Registar 6.3 Cisco Network Registar 6.1 Cisco Network Registar Cisco IOS 12.4XZ Cisco IOS 12.4XY Cisco IOS 12.4XW Cisco IOS 12.4XV Cisco IOS 12.4XT Cisco IOS 12.4XQ Cisco IOS 12.4XN Cisco IOS 12.4XM Cisco IOS 12.4XL Cisco IOS 12.4XJ Cisco IOS 12.4XE Cisco IOS 12.4XD Cisco IOS 12.4XC Cisco IOS 12.4XB Cisco IOS 12.4XA Cisco IOS 12.4T Cisco IOS 12.4SW Cisco IOS 12.4MR Cisco IOS 12.4MD Cisco IOS 12.4 Cisco IOS 12.3YZ Cisco IOS 12.3YX Cisco IOS 12.3YU Cisco IOS 12.3YT Cisco IOS 12.3YS Cisco IOS 12.3YM Cisco IOS 12.3YK Cisco IOS 12.3YI Cisco IOS 12.3YH Cisco IOS 12.3YG Cisco IOS 12.3YF Cisco IOS 12.3YD Cisco IOS 12.3YA Cisco IOS 12.3XW Cisco IOS 12.3XS Cisco IOS 12.3XR Cisco IOS 12.3XQ Cisco IOS 12.3XK Cisco IOS 12.3XJ Cisco IOS 12.3XI Cisco IOS 12.3XH Cisco IOS 12.3XG Cisco IOS 12.3XF Cisco IOS 12.3XE Cisco IOS 12.3XD Cisco IOS 12.3XC Cisco IOS 12.3XB Cisco IOS 12.3XA Cisco IOS 12.3VA Cisco IOS 12.3TPC Cisco IOS 12.3T Cisco IOS 12.3BW Cisco IOS 12.3B Cisco IOS 12.3 Cisco IOS 12.2ZL Cisco IOS 12.2ZJ Cisco IOS 12.2ZH Cisco IOS 12.2ZG Cisco IOS 12.2ZF Cisco IOS 12.2ZE Cisco IOS 12.2ZD Cisco IOS 12.2ZB Cisco IOS 12.2YV Cisco IOS 12.2YU Cisco IOS 12.2YT Cisco IOS 12.2YO Cisco IOS 12.2YN Cisco IOS 12.2YM Cisco IOS 12.2YL Cisco IOS 12.2YJ Cisco IOS 12.2XU Cisco IOS 12.2XT Cisco IOS 12.2XL Cisco IOS 12.2XK Cisco IOS 12.2XG Cisco IOS 12.2XC Cisco IOS 12.2XB Cisco IOS 12.2TPC Cisco IOS 12.2T Cisco IOS 12.2CZ Cisco IOS 12.2BY Cisco IOS 12.2BW Cisco IOS 12.2B Cisco IOS 12.2 Cisco IOS 12.1YE Cisco IOS 12.1XC Cisco IOS 12.1T Cisco IOS 12.1EX Cisco IOS 12.1EA Cisco IOS 12.1DB Cisco IOS 12.1AY Cisco IOS 12.1 Cisco IOS 12.0XR Cisco IOS 12.0XK Cisco IOS 12.0XE Cisco IOS 12.0WC Cisco IOS 12.0T Cisco IOS 12.0DC Cisco IOS 12.0DB Cisco CNS Network Registrar 6.1.1 .4 Cisco CNS Network Registrar 6.1.1 .3 Cisco CNS Network Registrar 6.1.1 .2 Cisco CNS Network Registrar 6.1.1 .1 Cisco CNS Network Registrar 6.1.1 Cisco CNS Network Registrar 6.1 Cisco Application & Content Networking Software (ACNS) Cisco Application & Content Networking Software 5.5.7 Cisco Application & Content Networking Software 5.3.3 Cisco Application & Content Networking Software 5.2.7 Cisco Application & Content Networking Software 5.2.3 .9 Cisco Application & Content Networking Software 5.2.1 .7 Cisco Application & Content Networking Software 5.2 Cisco Application & Content Networking Software 5.1.15 Cisco Application & Content Networking Software 5.1.13 .7 Cisco Application & Content Networking Software 5.1.11 .6 Cisco Application & Content Networking Software 5.1.9 Cisco Application & Content Networking Software 5.1 Cisco Application & Content Networking Software 5.0.17 .6 Cisco Application & Content Networking Software 5.0.5 Cisco Application & Content Networking Software 5.0.3 Cisco Application & Content Networking Software 5.0.1 Cisco Application & Content Networking Software 5.0 Cisco Application & Content Networking Software 4.2.11 Cisco Application & Content Networking Software 4.2.9 Cisco Application & Content Networking Software 4.2.7 Cisco Application & Content Networking Software 4.2 Cisco Application & Content Networking Software 4.1.3 Cisco Application & Content Networking Software 4.1.1 Cisco Application & Content Networking Software 4.0.3 Cisco Application & Content Networking Software Bluecat Networks Adonis (Firmware) 5.1.1 Bluecat Networks Adonis (Firmware) 5.1 .8 Bluecat Networks Adonis (Firmware) 5.1 .7 Bluecat Networks Adonis (Firmware) 5.1 Bluecat Networks Adonis (Firmware) 5.0.5 Bluecat Networks Adonis (Firmware) 5.0.2 .8 Bluecat Networks Adonis (Firmware) 4.1 .43 Bluecat Networks Adonis (Firmware) 5.0 Blue Coat Systems ProxySG 0 Blue Coat Systems ProxyRA 0 Blue Coat Systems PacketShaper 0 Blue Coat Systems iShaper 0 Blue Coat Systems Director 0 Avaya Messaging Application Server MM 3.1 Avaya Messaging Application Server MM 3.0 Avaya Messaging Application Server MM 2.0 Avaya Messaging Application Server MM 1.1 Avaya Messaging Application Server 0 Astaro Security Gateway 7 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 Apple iPod Touch 2.0.2 Apple iPod Touch 2.0.1 Apple iPod Touch 1.1.4 Apple iPod Touch 1.1.3 Apple iPod Touch 1.1.2 Apple iPod Touch 1.1.1 Apple iPod Touch 2.0 Apple iPod Touch 1.1 Apple iPhone 2.0.2 Apple iPhone 2.0.1 Apple iPhone 1.1.4 Apple iPhone 1.1.3 Apple iPhone 1.1.2 Apple iPhone 1.1.1 Apple iPhone 1.0.2 Apple iPhone 1.0.1 Apple iPhone 2.0 Apple iPhone 1.1 Apple iPhone 1 Apple iPhone 0 |
| Not Vulnerable: |
Yukihiro Matsumoto Ruby 1.8.7 -p72 Yukihiro Matsumoto Ruby 1.8.6 -p287 pdnsd pdnsd 1.2.7 -par ISC BIND 9.5.1b1 ISC BIND 9.5.0-P2 ISC BIND 9.4.3b2 ISC BIND 9.4.2-P2 ISC BIND 9.3.5-P2 IPCop IPCop 1.4.20 IPCop IPCop 1.4.19 Ingate SIParator 4.6.4 Ingate Firewall 4.6.4 Gentoo net-dns/dnsmasq 2.45 djbdns djbdns 0 Cisco Network Registar 7.0.1 Cisco Network Registar 6.3.1.5 Cisco IOS 12.4(21) Cisco IOS 12.4(19b) Cisco IOS 12.4(19a) Cisco IOS 12.4(18b) Cisco Application & Content Networking Software 5.5.11 Blue Coat Systems ProxySG 5.2.4 .3 Blue Coat Systems ProxySG 4.2.8 .7 Blue Coat Systems ProxyRA 2.3.2 .1 Blue Coat Systems PacketShaper 8.4 Blue Coat Systems PacketShaper 8.3.2 Blue Coat Systems iShaper 8.3.2 Blue Coat Systems Director 5.2.2 .5 Blue Coat Systems Director 4.2.2 .4 Apple Mac OS X Server 10.5.5 Apple iPod Touch 2.1 Apple iPhone 2.1 |
Discussion
Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries.
Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.
This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable.
Multiple vendors' implementations of the DNS protocol are prone to a DNS-spoofing vulnerability because the software fails to securely implement random values when performing DNS queries.
Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.
This issue affects Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases; other DNS implementations may also be vulnerable.
Exploit / POC
Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
An attacker can use standard tools to exploit this issue.
UPDATE (July 30, 2008): There are reports of evidence of active exploit attempts in targeted attacks.
The following exploit code and exploit modules for the Metasploit framework are available:
An attacker can use standard tools to exploit this issue.
UPDATE (July 30, 2008): There are reports of evidence of active exploit attempts in targeted attacks.
The following exploit code and exploit modules for the Metasploit framework are available:
Solution / Fix
Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
Solution:
The vendor has released an advisory along with fixes to address this issue. Please see the references for more information.
NOTE: There are several reports that various firewall and security gateway applications are adversely affected by the changes associated with the fixes for this issue. Some vendors recommend removing the Microsoft patch associated with this issue. Users are advised to use extreme caution and to thoroughly evaluate the impact of removing the patch before doing so.
UPDATE: Microsoft has released an updated advisory detailing known issues with their updates.
UPDATE (August 1, 2008): Reports indicate that the Apple update for OS X 10.4.11 may not fully address this issue; Symantec has not confirmed this. Please see the references for more information.
Microsoft Windows Server 2003 Web Edition SP2
HP TCP/IP Services for OpenVMS Alpha 5.5
HP TCP/IP Services for OpenVMS Alpha 5.4
Microsoft Windows XP Professional x64 Edition
Yukihiro Matsumoto Ruby 1.8.5 -p231
Apple Mac OS X Server 10.5.2
ISC BIND 9.3.1
ISC BIND 9.3.2
ISC BIND 9.3.3
ISC BIND 9.4 a1
ISC BIND 9.4.1
Solution:
The vendor has released an advisory along with fixes to address this issue. Please see the references for more information.
NOTE: There are several reports that various firewall and security gateway applications are adversely affected by the changes associated with the fixes for this issue. Some vendors recommend removing the Microsoft patch associated with this issue. Users are advised to use extreme caution and to thoroughly evaluate the impact of removing the patch before doing so.
UPDATE: Microsoft has released an updated advisory detailing known issues with their updates.
UPDATE (August 1, 2008): Reports indicate that the Apple update for OS X 10.4.11 may not fully address this issue; Symantec has not confirmed this. Please see the references for more information.
Microsoft Windows Server 2003 Web Edition SP2
-
Microsoft Security Update for Windows Server 2003 (KB951746)
http://www.microsoft.com/downloads/details.aspx?familyid=d1fcb794-e6a5 -4c28-b3b3-9cd88f468a42&displaylang=en -
Microsoft Security Update for Windows Server 2003 (KB951748)
http://www.microsoft.com/downloads/details.aspx?familyid=4ef5033c-9843 -4e0b-bfad-fcaf05d7dab9&displaylang=en
HP TCP/IP Services for OpenVMS Alpha 5.5
-
HP HP Alpha BIND Server Patch for TCP/IP Services
ftp://ftp.hp.com/pub/openvms/network/TCPIP_BIND_SERVER.ZIPEXE_ALPHA
HP TCP/IP Services for OpenVMS Alpha 5.4
-
HP HP Alpha BIND Server Patch for TCP/IP Services
ftp://ftp.hp.com/pub/openvms/network/TCPIP_BIND_SERVER.ZIPEXE_ALPHA
Microsoft Windows XP Professional x64 Edition
-
Microsoft Security Update for Windows XP x64 Edition (KB951748)
http://www.microsoft.com/downloads/details.aspx?familyid=a2b016fa-b108 -4e8e-b41b-4ca89002907b&displaylang=en
Yukihiro Matsumoto Ruby 1.8.5 -p231
-
Yukihiro Matsumoto ruby-1.8.6-p287.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.tar.gz
Apple Mac OS X Server 10.5.2
-
Apple MacOSXServerUpdCombo10.5.5.dmg
http://www.apple.com/support/downloads/
ISC BIND 9.3.1
-
ISC bind-9.3.5-P2.tar.gz
http://www.isc.org/sw/dl?pkg=bind9/9.3.5-P2/bind-9.3.5-P2.tar.gz&name= BIND%209.3.5-P2%20Source
ISC BIND 9.3.2
-
ISC bind-9.3.5-P2.tar.gz
http://www.isc.org/sw/dl?pkg=bind9/9.3.5-P2/bind-9.3.5-P2.tar.gz&name= BIND%209.3.5-P2%20Source
ISC BIND 9.3.3
-
ISC bind-9.3.5-P2.tar.gz
http://www.isc.org/sw/dl?pkg=bind9/9.3.5-P2/bind-9.3.5-P2.tar.gz&name= BIND%209.3.5-P2%20Source
ISC BIND 9.4 a1
-
ISC bind-9.4.2-P2.tar.gz
http://www.isc.org/sw/dl?pkg=bind9/9.4.2-P2/bind-9.4.2-P2.tar.gz&name= BIND%209.4.2-P2%20Source
ISC BIND 9.4.1
-
ISC bind-9.4.2-P2.tar.gz
http://www.isc.org/sw/dl?pkg=bind9/9.4.2-P2/bind-9.4.2-P2.tar.gz&name= BIND%209.4.2-P2%20Source
References
Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing Vulnerability
References:
References:
- ISRs available for BIND DNS vulnerability VU#800113 (Sun)
- About the security content of Mac OS X v10.5.5 and Security Update 2008-006 (Apple)
- Apple DNS Patch Fails To Randomize (Andrew Storms)
- BIND 9.3.5-P2 (ISC)
- BIND 9.4.2-P2 (ISC)
- BIND 9.5.0-P2 (ISC)
- BlueCat Networks Support Services (BlueCat Networks)
- Check Point Software Homepage (Check Point Software)
- djbdns Homepage (tinydns.org)
- DNS Attacks in the Wild (HD Moore)
- DNS Best Practices, Network Protections, and Attack Identification (Cisco)
- DNS Multiple Race Exploiter: DNS Cache Poisoner/Overwriter (AR)
- F5 BIG-IP Homepage (F5)
- Homepage (F5 Software)
- Hotfix AG2000_v457 Rev B - Access Gateway Standard Edition 4.5.7 (Citrix)
- IMPROVED DNS SPOOFING USING NODE RE-DELEGATION (Bernhard Mueller
- Internet System Consortium releases BIND -P2 patches (US-CERT)
- IPCop Home Page (IPCop)
- Microsoft Windows Homepage (Microsoft )
- Multiple vulnerabilities in Ruby (Ruby)
- OpenBSD 4.2 Errata Page (OpenBSD)
- OpenBSD 4.3 Errata Page (OpenBSD)
- pdnsd Changelog (pdnsd)
- Release notice for Ingate Firewall® 4.6.4 and Ingate SIParator® 4.6.4 (Ingate)
- Reliable DNS Forgery in 2008 - Kaminsky�??s Discovery (darkoz)
- Vendor Homepage (BlueCat Networks)
- Vendor Homepage (F5)
- VMware Homepage (VMware)
- Wind River Homepage (Wind River)
- Yamaha RT Series Routers DNS Cache Poisoning (Yamaha)
- ZoneAlarm Product Page (Check Point)
- [security bulletin] HPSBMP02404 SSRT090014 rev.1 - MPE/iX Running BIND/iX, Remot ([email protected])
- [security bulletin] HPSBUX02351 SSRT080058 rev.4 - HP-UX Running BIND, Remote DN ([email protected])
- CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit ("I\)ruid"
- Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoni (Cisco Systems Product Security Incident Response Team)
- DNS Multiple Race Exploiting Tool ("AR"
- FreeBSD Security Advisory FreeBSD-SA-08:06.bind (FreeBSD Security Advisories
- HPSBUX02351 SSRT080058 rev.1 - HP-UX Running BIND, Remote DNS Cache Poisoning ([email protected])
- Microsoft DNS patch KB951748 incompatible with Zonealarm ("Pages-Web.com - Services internet"
- Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update imp ("\[ISR\] - Infobyte Security Research"
- Whitepaper: DNS zone redelegation (Bernhard Mueller
- ASA-2008-288 MS08-037 Vulnerabilities in DNS Could Allow Spoofing (953230) (Avaya)
- CERT VU#800113 DNS Cache Poisoning Issue (ISC)
- Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoni (Cisco)
- CTX117991 - DNS Cache Poisoning Vulnerabilities in NetScaler (Citrix)
- DNS CACHE POISONING VULNERABILITY (CERT VU#800113) (Blue Coat Systems)
- HPSBMP02404 SSRT090014 (HP)
- HPSBNS02405 SSRT071449: rev.1 - HP NonStop Server running BIND, Remote DNS Cache (HP)
- HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS (HP)
- IBM APAR IZ26670 (IBM)
- IBM Corporation Information for VU#800113 (US-CERT)
- Infoblox Information for VU#800113 (US-CERT)
- IPCop 1.4.19 / 1.4.20 released (IPCop)
- Juniper Networks, Inc. Information for VU#800113 (US CERT)
- Microsoft Security Advisory (956187) - Increased Threat for DNS Spoofing Vulnera (Microsoft)
- Microsoft Security Bulletin MS08-037 �?? Important (Microsoft)
- Multiple DNS implementations vulnerable to cache poisoning (Alcatel-Lucent)
- Nixu Information for VU#800113 (US-CERT)
- Nominum Software Security Advisory NOM-20080708 (Nominum Software)
- Nortel Networks Security Advisory 2008009038, Rev 1 (Nortel Networks)
- Nortel Response to Microsoft Security Bulletin MS08-037 (Nortel Networks)
- RHSA-2008:0533-3 bind security update (Red Hat)
- RHSA-2008:0789-3 dnsmasq security update (Red Hat)
- Solution 239392 : Security Vulnerability in the DNS Protocol may lead to DNS (Sun)
- Solution 240048: Update to Sun Alert 239392 - Security Vulnerability in the DNS (Sun Microsystems)
- Solution 245206: Security Vulnerability in Solaris IP Filter Network Address Tra (Sun)
- Status of CVE-2008-1447 - Multiple DNS implementations vulnerable to cache poiso (Novell)
- This is a security bugfix Up2Date package for the DNS proxy. (Astaro)
- Up2Date 6.314 Released (Astaro)
- UPDATE AIX named DNS Cache Poisoning Vulnerability (IBM)
- Vulnerability in Access Gateway Standard and Advanced Edition Appliance firmware (Citrix)
- Vulnerability Note VU#800113 Multiple DNS implementations vulnerable to cache po (US-CERT)