Medium severity6.8NVD Advisory· Published Jul 8, 2008· Updated Apr 23, 2026

CVE-2008-1447

Description

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

Affected products

Isc/Bind3 versions
cpe:2.3:a:isc:bind:4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:isc:bind:4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

196

www.debian.org/security/2008/dsa-1603nvdPatch
docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037nvdPatchVendor Advisory
ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.ascnvdThird Party AdvisoryVendor Advisory
bugs.debian.org/cgi-bin/bugreport.cginvdThird Party Advisory
lists.apple.com/archives/security-announce//2008/Jul/msg00003.htmlnvdMailing ListThird Party Advisory
lists.apple.com/archives/security-announce//2008/Sep/msg00003.htmlnvdMailing ListThird Party Advisory
lists.apple.com/archives/security-announce//2008/Sep/msg00004.htmlnvdMailing ListThird Party Advisory
lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlnvdThird Party Advisory
marc.infonvdThird Party Advisory
marc.infonvdThird Party Advisory
marc.infonvdThird Party Advisory
marc.infonvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2008-0533.htmlnvdThird Party Advisory
secunia.com/advisories/30925nvdThird Party Advisory
secunia.com/advisories/30973nvdThird Party Advisory
secunia.com/advisories/30977nvdThird Party Advisory
secunia.com/advisories/30979nvdThird Party Advisory
secunia.com/advisories/30980nvdThird Party Advisory
secunia.com/advisories/30988nvdThird Party AdvisoryVendor Advisory
secunia.com/advisories/30989nvdVendor Advisory
secunia.com/advisories/30998nvdThird Party Advisory
secunia.com/advisories/31011nvdThird Party Advisory
secunia.com/advisories/31012nvdThird Party Advisory
secunia.com/advisories/31014nvdThird Party Advisory
secunia.com/advisories/31019nvdThird Party Advisory
secunia.com/advisories/31022nvdThird Party Advisory
secunia.com/advisories/31030nvdThird Party Advisory
secunia.com/advisories/31031nvdThird Party Advisory
secunia.com/advisories/31033nvdVendor Advisory
secunia.com/advisories/31052nvdVendor Advisory
secunia.com/advisories/31065nvdThird Party Advisory
secunia.com/advisories/31072nvdThird Party Advisory
secunia.com/advisories/31093nvdThird Party Advisory
secunia.com/advisories/31094nvdVendor Advisory
secunia.com/advisories/31137nvdVendor Advisory
secunia.com/advisories/31143nvdThird Party Advisory
secunia.com/advisories/31151nvdThird Party Advisory
secunia.com/advisories/31152nvdThird Party Advisory
secunia.com/advisories/31153nvdThird Party Advisory
secunia.com/advisories/31169nvdThird Party Advisory
secunia.com/advisories/31197nvdVendor Advisory
secunia.com/advisories/31199nvdThird Party Advisory
secunia.com/advisories/31204nvdThird Party Advisory
secunia.com/advisories/31207nvdVendor Advisory
secunia.com/advisories/31209nvdThird Party Advisory
secunia.com/advisories/31212nvdThird Party Advisory
secunia.com/advisories/31213nvdThird Party Advisory
secunia.com/advisories/31221nvdThird Party Advisory
secunia.com/advisories/31236nvdThird Party Advisory
secunia.com/advisories/31237nvdVendor Advisory
secunia.com/advisories/31254nvdVendor Advisory
secunia.com/advisories/31326nvdThird Party Advisory
secunia.com/advisories/31354nvdThird Party Advisory
secunia.com/advisories/31422nvdThird Party Advisory
secunia.com/advisories/31430nvdThird Party Advisory
secunia.com/advisories/31451nvdThird Party Advisory
secunia.com/advisories/31482nvdThird Party Advisory
secunia.com/advisories/31495nvdThird Party Advisory
secunia.com/advisories/31588nvdThird Party Advisory
secunia.com/advisories/31687nvdThird Party Advisory
secunia.com/advisories/31823nvdThird Party Advisory
secunia.com/advisories/31882nvdThird Party Advisory
secunia.com/advisories/31900nvdThird Party Advisory
secunia.com/advisories/33178nvdThird Party Advisory
secunia.com/advisories/33714nvdThird Party Advisory
secunia.com/advisories/33786nvdThird Party Advisory
security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.ascnvdThird Party Advisory
security.gentoo.org/glsa/glsa-200807-08.xmlnvdThird Party Advisory
security.gentoo.org/glsa/glsa-200812-17.xmlnvdThird Party Advisory
security.gentoo.org/glsa/glsa-201209-25.xmlnvdThird Party Advisory
slackware.com/security/viewer.phpnvdThird Party Advisory
slackware.com/security/viewer.phpnvdThird Party Advisory
sunsolve.sun.com/search/document.donvdThird Party Advisory
sunsolve.sun.com/search/document.donvdThird Party Advisory
support.apple.com/kb/HT3026nvdThird Party Advisory
support.apple.com/kb/HT3129nvdThird Party Advisory
support.citrix.com/article/CTX117991nvdThird Party Advisory
support.citrix.com/article/CTX118183nvdThird Party Advisory
support.nortel.com/go/main.jspnvdThird Party Advisory
up2date.astaro.com/2008/08/up2date_7202_released.htmlnvdThird Party Advisory
wiki.rpath.com/wiki/Advisories:rPSA-2008-0231nvdThird Party Advisory
wiki.rpath.com/wiki/Advisories:rPSA-2010-0018nvdThird Party Advisory
www.bluecoat.com/support/security-advisories/dns_cache_poisoningnvdThird Party Advisory
www.caughq.org/exploits/CAU-EX-2008-0002.txtnvdThird Party Advisory
www.caughq.org/exploits/CAU-EX-2008-0003.txtnvdThird Party Advisory
www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtmlnvdThird Party Advisory
www.debian.org/security/2008/dsa-1604nvdThird Party Advisory
www.debian.org/security/2008/dsa-1605nvdThird Party Advisory
www.debian.org/security/2008/dsa-1619nvdThird Party Advisory
www.debian.org/security/2008/dsa-1623nvdThird Party Advisory
www.doxpara.comnvdThird Party Advisory
www.doxpara.com/DMK_BO2K8.pptnvdThird Party Advisory
www.ibm.com/support/docview.wssnvdThird Party Advisory
www.ibm.com/support/docview.wssnvdThird Party Advisory
www.ibm.com/support/docview.wssnvdThird Party Advisory
www.ibm.com/support/docview.wssnvdThird Party Advisory
www.ibm.com/support/docview.wssnvdThird Party Advisory
www.ibm.com/support/docview.wssnvdThird Party Advisory
www.ipcop.org/index.phpnvdThird Party Advisory
www.isc.org/index.plnvdThird Party Advisory
www.kb.cert.org/vuls/id/800113nvdThird Party AdvisoryUS Government Resource
www.kb.cert.org/vuls/id/MIMG-7DWR4JnvdThird Party AdvisoryUS Government Resource
www.kb.cert.org/vuls/id/MIMG-7ECL8QnvdThird Party AdvisoryUS Government Resource
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.nominum.com/asset_upload_file741_2661.pdfnvdThird Party Advisory
www.novell.com/support/viewContent.donvdThird Party Advisory
www.openbsd.org/errata42.htmlnvdThird Party Advisory
www.openbsd.org/errata43.htmlnvdThird Party Advisory
www.phys.uu.nl/~rombouts/pdnsd.htmlnvdThird Party Advisory
www.phys.uu.nl/~rombouts/pdnsd/ChangeLognvdThird Party Advisory
www.redhat.com/support/errata/RHSA-2008-0789.htmlnvdThird Party Advisory
www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.htmlnvdThird Party Advisory
www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/nvdThird Party Advisory
www.securityfocus.com/archive/1/495289/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/495869/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/30131nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/usn-622-1nvdThird Party Advisory
www.ubuntu.com/usn/usn-627-1nvdThird Party Advisory
www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.htmlnvdThird Party Advisory
www.us-cert.gov/cas/techalerts/TA08-190A.htmlnvdThird Party AdvisoryUS Government Resource
www.us-cert.gov/cas/techalerts/TA08-190B.htmlnvdThird Party AdvisoryUS Government Resource
www.us-cert.gov/cas/techalerts/TA08-260A.htmlnvdThird Party AdvisoryUS Government Resource
www.vmware.com/security/advisories/VMSA-2008-0014.htmlnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2019/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2023/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2025/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2029/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2030/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2050/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2051/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2052/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2055/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2092/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2113/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2114/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2123/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2139/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2166/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2195/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2196/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2197/referencesnvdThird Party Advisory
www.vupen.com/english/advisories/2008/2268nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2291nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2334nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2342nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2377nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2383nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2384nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2466nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2467nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2482nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2525nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2549nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2558nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2582nvdThird Party Advisory
www.vupen.com/english/advisories/2008/2584nvdThird Party Advisory
www.vupen.com/english/advisories/2009/0297nvdThird Party Advisory
www.vupen.com/english/advisories/2009/0311nvdThird Party Advisory
www.vupen.com/english/advisories/2010/0622nvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/43334nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/43637nvdThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/6122nvdThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/6123nvdThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/6130nvdThird Party AdvisoryVDB Entry
www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.htmlnvdThird Party Advisory
www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.htmlnvdThird Party Advisory
blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.htmlnvdTechnical Description
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvdBroken Link
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvdBroken Link
lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.htmlnvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117nvdTool Signature
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725nvdTool Signature
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761nvdTool Signature
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917nvdTool Signature
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627nvdTool Signature

News mentions

No linked articles in our index yet.

cvss	0.442
epss	0.069
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000