CVE-2008-1447

Executive Summary

Informations
Name	CVE-2008-1447	First vendor Publication	2008-07-08
Vendor	Cve	Last vendor Modification	2013-05-14

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Cvss Base Score	6.4	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9627

Oval ID:	oval:org.mitre.oval:def:9627
Title:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section bind-utils is earlier than 20:9.2.4-22.el3 AND bind-devel is earlier than 20:9.2.4-22.el3 AND bind-chroot is earlier than 20:9.2.4-22.el3 AND bind is earlier than 20:9.2.4-22.el3 AND bind-libs is earlier than 20:9.2.4-22.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section bind-utils is earlier than 20:9.2.4-28.0.1.el4 AND bind-devel is earlier than 20:9.2.4-28.0.1.el4 AND bind-chroot is earlier than 20:9.2.4-28.0.1.el4 AND selinux-policy-targeted is earlier than 0:1.17.30-2.150.el4 AND selinux-policy-targeted-sources is earlier than 0:1.17.30-2.150.el4 AND bind is earlier than 20:9.2.4-28.0.1.el4 AND bind-libs is earlier than 20:9.2.4-28.0.1.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section bind-libbind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-devel is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-chroot is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy-targeted is earlier than 0:2.4.6-137.1.el5_2 AND dnsmasq is earlier than 0:2.45-1.el5_2.1 AND bind-sdb is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND bind-utils is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy-devel is earlier than 0:2.4.6-137.1.el5_2 AND caching-nameserver is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy is earlier than 0:2.4.6-137.1.el5_2 AND bind-libs is earlier than 30:9.3.4-6.0.2.P1.el5_2 AND selinux-policy-strict is earlier than 0:2.4.6-137.1.el5_2 AND selinux-policy-mls is earlier than 0:2.4.6-137.1.el5_2

Definition Id: oval:org.mitre.oval:def:5917

Oval ID:	oval:org.mitre.oval:def:5917
Title:	Security Vulnerability in the DNS Protocol May Lead to DNS Cache Poisoning
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	1
Platform(s):	Sun Solaris 8 Sun Solaris 9 Sun Solaris 10	Product(s):
Definition Synopsis:
Software Section Solaris 8 (SPARC) meets Sun Alert 239392 Solaris 8 (SPARC) is installed AND NOT Patch 109326-23 or later installed OR Solaris 9 (SPARC) meets Sun Alert 239392 Solaris 9 (SPARC) is installed AND NOT Patch 112837-15 or later installed OR Solaris 10 (SPARC) meets Sun Alert 239392 Solaris 10 (SPARC) is installed AND NOT Patch 119783-06 or later installed OR Solaris 8 (x86) meets Sun Alert 239392 Solaris 8 (x86) is installed AND NOT Patch 109327-23 or later installed OR Solaris 9 (x86) meets Sun Alert 239392 Solaris 9 (x86) is installed AND NOT Patch 114265-14 or later installed OR Solaris 10 (x86) meets Sun Alert 239392 Solaris 10 (x86) is installed AND NOT Patch 119784-06 or later installed AND in.named running

Definition Id: oval:org.mitre.oval:def:5761

Oval ID:	oval:org.mitre.oval:def:5761
Title:	HP-UX Running BIND, Remote DNS Cache Poisoning
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	1
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.3.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests InternetSrvcs.INETSVCS-INETD is installed AND InternetSrvcs.INETSVCS-RUN is installed AND InternetSrvcs.INETSVCS2-RUN is installed AND NOT Patch PHNE_37865 is installed OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.3.0 AND BindUpgrade.BIND2-UPGRADE version is less than C.9.3.2.3.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND BINDv920.INETSVCS-BIND version is less than B.11.11.01.011 OR Criteria meets HP Security Bulletin HPSBUX02351 HP-UX B.11.31 AND filesets tests NameService.BIND-AUX version is less than C.9.3.2.3.0 AND NameService.BIND-RUN version is less than C.9.3.2.3.0

Definition Id: oval:org.mitre.oval:def:5725

Oval ID:	oval:org.mitre.oval:def:5725
Title:	DNS Insufficient Socket Entropy Vulnerability
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Win 2K SP4 and vulnerable version of file Microsoft Windows 2000 SP4 or later is installed AND Check for vulnerable version of server or client file dnsapi.dll version is less than 5.0.2195.7280 AND Dns.exe version is less than 5.0.2195.7162 OR Win XP SP2 X86 and vulnerable version of client file Microsoft Windows XP (x86) SP2 is installed AND dnsapi.dll version is less than 5.1.2600.3394 OR Win XP SP3 X86 and vulnerable version of client file Microsoft Windows XP (x86) SP3 is installed AND dnsapi.dll version is less than 5.1.2600.5625 OR Win XP X64 SP1 and vulnerable version of client file Microsoft Windows XP Professional x64 Edition SP1 is installed AND dnsapi.dll version is less than 5.2.3790.3161 OR Win XP X64 and vulnerable version of client file Microsoft Windows XP x64 Edition SP2 is installed AND dnsapi.dll version is less than 5.2.3790.4318 OR Win 2k3 SP1 and vulnerable version of client or server file Win 2K3 SP1 (X86/ X64/IA64) Microsoft Windows Server 2003 SP1 (x86) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 SP1 for Itanium is installed AND Check for vulnerable version of client or server file dnsapi.dll version is less than 5.2.3790.3161 AND dns.exe version is less than 5.2.3790.3161 OR Win 2k3 SP2 and vulnerable version of client or server file Win 2K3 SP2 (X86/ X64/IA64) Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Check for vulnerable version of client or server file dnsapi.dll version is less than 5.2.3790.4318 AND dns.exe version is less than 5.2.3790.4318

Definition Id: oval:org.mitre.oval:def:12117

Oval ID:	oval:org.mitre.oval:def:12117
Title:	HP-UX Running BIND, Remote DNS Cache Poisoning
Description:	The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1447	Version:	4
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests InternetSrvcs.INETSVCS-INETD is installed AND InternetSrvcs.INETSVCS-RUN is installed AND InternetSrvcs.INETSVCS2-RUN is installed AND NOT Patch PHNE_37865 is installed OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND BINDv920.INETSVCS-BIND version is less than B.11.11.01.015 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.23 AND filesets tests BindUpgrade.BIND-UPGRADE version is less than C.9.3.2.7.0 AND BindUpgrade.BIND2-UPGRADE version is less than C.9.3.2.7.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP Release B.11.11 AND InternetSrvcs.INETSVCS-RUN version is less than C.9.3.2.7.0 OR Criteria meets HP Security Bulletin HPSBUX02351 HP-UX B.11.31 AND filesets tests NameService.BIND-AUX version is less than C.9.3.2.7.0 AND NameService.BIND-RUN version is less than C.9.3.2.7.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Isc Bind cpe:/a:isc:bind:9.2.9 cpe:/a:isc:bind:8 cpe:/a:isc:bind:4	3

Milw0rm Exploits

id	Description
2008-07-25	BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
2008-07-24	BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
2008-07-23	BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta)

ExploitDB Exploits

id	Description
2008-07-25	BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
2008-07-24	BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
2008-07-23	BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta)

Open Source Vulnerability Database (OSVDB)

id	Description
53917	HP Multiple Products DNS Query ID Field Prediction Cache Poisoning
53530	Check Point DNS Query ID Field Prediction Cache Poisoning
48256	Ingate Firewall/SIParator DNS Query ID Field Prediction Cache Poisoning
48244	pdnsd DNS Query ID Field Prediction Cache Poisoning
48186	Apple Mac OS X DNS Query ID Field Prediction Cache Poisoning
47927	Nortel Business Communications Manager DNS Query ID Field Prediction Cache Po...
47926	Astaro Security Gateway DNS Query ID Field Prediction Cache Poisoning
47916	Citrix Access Gateway DNS Query ID Field Prediction Cache Poisoning
47660	VitalQIP DNS Query ID Field Prediction Cache Poisoning
47588	Yamaha RT Series Routers DNS Query ID Field Prediction Cache Poisoning
47546	Astaro Security Gateway DNS Proxy DNS Query ID Field Prediction Cache Poisoning
47510	Dnsmasq DNS Query ID Field Prediction Cache Poisoning
47233	Secure Computing Sidewinder / CyberGuard DNS Query ID Field Prediction Cache ...
47232	F5 Multiple Product DNS Query ID Field Prediction Cache Poisoning
46916	Juniper Networks Multiple Products DNS Query ID Field Prediction Cache Poisoning
46837	Solaris named(1M) DNS Query ID Field Prediction Cache Poisoning
46836	Nominum CNS / Vantio DNS Query ID Field Prediction Cache Poisoning
46786	Cisco Multiple Products DNS Query ID Field Prediction Cache Poisoning
46777	Microsoft Windows DNS Socket Entropy Weakness Cache Poisoning
46776	ISC BIND DNS Query ID Field Prediction Cache Poisoning

Metasploit Database

id	Description
2008-07-21	DNS BailiWicked Host Attack
2008-07-21	DNS BailiWicked Domain Attack

Internal Sources (Detail)

Source	Url
AIXAPAR	http://www.ibm.com/support/docview.wss?uid=isg1IZ26667 http://www.ibm.com/support/docview.wss?uid=isg1IZ26668 http://www.ibm.com/support/docview.wss?uid=isg1IZ26669 http://www.ibm.com/support/docview.wss?uid=isg1IZ26670 http://www.ibm.com/support/docview.wss?uid=isg1IZ26671 http://www.ibm.com/support/docview.wss?uid=isg1IZ26672
APPLE	http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
BID	http://www.securityfocus.com/bid/30131
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/495289/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/495869/100/0/threaded
CERT	http://www.us-cert.gov/cas/techalerts/TA08-190A.html http://www.us-cert.gov/cas/techalerts/TA08-190B.html http://www.us-cert.gov/cas/techalerts/TA08-260A.html
CERT-VN	http://www.kb.cert.org/vuls/id/800113
CISCO	http://www.cisco.com/en/US/products/products_security_advisory09186a00809c216...
CONFIRM	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401 http://support.apple.com/kb/HT3026 http://support.apple.com/kb/HT3129 http://support.citrix.com/article/CTX117991 http://support.citrix.com/article/CTX118183 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152 http://up2date.astaro.com/2008/08/up2date_7202_released.html http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning http://www.ipcop.org/index.php?name=News&file=article&sid=40 http://www.isc.org/index.pl?/sw/bind/bind-security.php http://www.kb.cert.org/vuls/id/MIMG-7DWR4J http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q http://www.novell.com/support/viewContent.do?externalId=7000912 http://www.phys.uu.nl/~rombouts/pdnsd.html http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ http://www.vmware.com/security/advisories/VMSA-2008-0014.html
DEBIAN	http://www.debian.org/security/2008/dsa-1603 http://www.debian.org/security/2008/dsa-1604 http://www.debian.org/security/2008/dsa-1605 http://www.debian.org/security/2008/dsa-1619 http://www.debian.org/security/2008/dsa-1623
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html
FREEBSD	http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc
FULLDISC	http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
GENTOO	http://security.gentoo.org/glsa/glsa-200807-08.xml http://security.gentoo.org/glsa/glsa-200812-17.xml http://security.gentoo.org/glsa/glsa-201209-25.xml
HP	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368 http://marc.info/?l=bugtraq&m=121630706004256&w=2 http://marc.info/?l=bugtraq&m=121866517322103&w=2 http://marc.info/?l=bugtraq&m=123324863916385&w=2
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:139
MILW0RM	http://www.milw0rm.com/exploits/6122 http://www.milw0rm.com/exploits/6123 http://www.milw0rm.com/exploits/6130
MISC	http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-lea... http://www.caughq.org/exploits/CAU-EX-2008-0002.txt http://www.caughq.org/exploits/CAU-EX-2008-0003.txt http://www.doxpara.com/?p=1176 http://www.doxpara.com/DMK_BO2K8.ppt http://www.nominum.com/asset_upload_file741_2661.pdf http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
MS	http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
NETBSD	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc
OPENBSD	http://www.openbsd.org/errata42.html#013_bind http://www.openbsd.org/errata43.html#004_bind
REDHAT	http://rhn.redhat.com/errata/RHSA-2008-0533.html http://www.redhat.com/support/errata/RHSA-2008-0789.html
SECTRACK	http://www.securitytracker.com/id?1020437 http://www.securitytracker.com/id?1020438 http://www.securitytracker.com/id?1020440 http://www.securitytracker.com/id?1020448 http://www.securitytracker.com/id?1020449 http://www.securitytracker.com/id?1020548 http://www.securitytracker.com/id?1020558 http://www.securitytracker.com/id?1020560 http://www.securitytracker.com/id?1020561 http://www.securitytracker.com/id?1020575 http://www.securitytracker.com/id?1020576 http://www.securitytracker.com/id?1020577 http://www.securitytracker.com/id?1020578 http://www.securitytracker.com/id?1020579 http://www.securitytracker.com/id?1020651 http://www.securitytracker.com/id?1020653 http://www.securitytracker.com/id?1020702 http://www.securitytracker.com/id?1020802 http://www.securitytracker.com/id?1020804
SECUNIA	http://secunia.com/advisories/30925 http://secunia.com/advisories/30973 http://secunia.com/advisories/30977 http://secunia.com/advisories/30979 http://secunia.com/advisories/30980 http://secunia.com/advisories/30988 http://secunia.com/advisories/30989 http://secunia.com/advisories/30998 http://secunia.com/advisories/31011 http://secunia.com/advisories/31012 http://secunia.com/advisories/31014 http://secunia.com/advisories/31019 http://secunia.com/advisories/31022 http://secunia.com/advisories/31030 http://secunia.com/advisories/31031 http://secunia.com/advisories/31033 http://secunia.com/advisories/31052 http://secunia.com/advisories/31065 http://secunia.com/advisories/31072 http://secunia.com/advisories/31093 http://secunia.com/advisories/31094 http://secunia.com/advisories/31137 http://secunia.com/advisories/31143 http://secunia.com/advisories/31151 http://secunia.com/advisories/31152 http://secunia.com/advisories/31153 http://secunia.com/advisories/31169 http://secunia.com/advisories/31197 http://secunia.com/advisories/31199 http://secunia.com/advisories/31204 http://secunia.com/advisories/31207 http://secunia.com/advisories/31209 http://secunia.com/advisories/31212 http://secunia.com/advisories/31213 http://secunia.com/advisories/31221 http://secunia.com/advisories/31236 http://secunia.com/advisories/31237 http://secunia.com/advisories/31254 http://secunia.com/advisories/31326 http://secunia.com/advisories/31354 http://secunia.com/advisories/31422 http://secunia.com/advisories/31430 http://secunia.com/advisories/31451 http://secunia.com/advisories/31482 http://secunia.com/advisories/31495 http://secunia.com/advisories/31588 http://secunia.com/advisories/31687 http://secunia.com/advisories/31823 http://secunia.com/advisories/31882 http://secunia.com/advisories/31900 http://secunia.com/advisories/33178 http://secunia.com/advisories/33714 http://secunia.com/advisories/33786
SLACKWARE	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&... http://slackware.com/security/viewer.php?l=slackware-security&y=2008&...
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
UBUNTU	http://www.ubuntu.com/usn/usn-622-1 http://www.ubuntu.com/usn/usn-627-1
VUPEN	http://www.vupen.com/english/advisories/2008/2019/references http://www.vupen.com/english/advisories/2008/2023/references http://www.vupen.com/english/advisories/2008/2025/references http://www.vupen.com/english/advisories/2008/2029/references http://www.vupen.com/english/advisories/2008/2030/references http://www.vupen.com/english/advisories/2008/2050/references http://www.vupen.com/english/advisories/2008/2051/references http://www.vupen.com/english/advisories/2008/2052/references http://www.vupen.com/english/advisories/2008/2055/references http://www.vupen.com/english/advisories/2008/2092/references http://www.vupen.com/english/advisories/2008/2113/references http://www.vupen.com/english/advisories/2008/2114/references http://www.vupen.com/english/advisories/2008/2123/references http://www.vupen.com/english/advisories/2008/2139/references http://www.vupen.com/english/advisories/2008/2166/references http://www.vupen.com/english/advisories/2008/2195/references http://www.vupen.com/english/advisories/2008/2196/references http://www.vupen.com/english/advisories/2008/2197/references http://www.vupen.com/english/advisories/2008/2268 http://www.vupen.com/english/advisories/2008/2291 http://www.vupen.com/english/advisories/2008/2334 http://www.vupen.com/english/advisories/2008/2342 http://www.vupen.com/english/advisories/2008/2377 http://www.vupen.com/english/advisories/2008/2383 http://www.vupen.com/english/advisories/2008/2384 http://www.vupen.com/english/advisories/2008/2466 http://www.vupen.com/english/advisories/2008/2467 http://www.vupen.com/english/advisories/2008/2482 http://www.vupen.com/english/advisories/2008/2525 http://www.vupen.com/english/advisories/2008/2549 http://www.vupen.com/english/advisories/2008/2558 http://www.vupen.com/english/advisories/2008/2582 http://www.vupen.com/english/advisories/2008/2584 http://www.vupen.com/english/advisories/2009/0297 http://www.vupen.com/english/advisories/2009/0311 http://www.vupen.com/english/advisories/2010/0622
XF	http://xforce.iss.net/xforce/xfdb/43334 http://xforce.iss.net/xforce/xfdb/43637

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-06-11 17:24:53	Multiple Updates
2013-06-11 13:25:15	Multiple Updates
2013-06-10 13:25:09	Multiple Updates
2013-06-10 09:25:03	Multiple Updates
2013-06-08 05:26:22	Multiple Updates
2013-06-07 21:24:47	Multiple Updates
2013-06-06 13:25:39	Multiple Updates
2013-06-06 05:24:14	Multiple Updates
2013-06-04 17:25:47	Multiple Updates
2013-06-04 13:24:57	Multiple Updates
2013-06-03 21:27:25	Multiple Updates
2013-06-03 17:21:33	Multiple Updates
2013-06-03 13:25:49	Multiple Updates
2013-06-03 05:21:56	Multiple Updates
2013-05-31 21:25:45	Multiple Updates
2013-05-31 17:21:38	Multiple Updates
2013-05-30 17:24:32	Multiple Updates
2013-05-30 13:21:41	Multiple Updates
2013-05-16 17:02:28	Multiple Updates
2013-05-11 00:13:17	Multiple Updates
2013-05-01 17:22:35	Multiple Updates
2013-05-01 13:28:03	Multiple Updates
2013-05-01 09:22:44	Multiple Updates
2013-05-01 05:38:27	Multiple Updates
2012-11-27 13:27:57	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	5
CPE ID(s)	3
osvdb(s)	20
Milw0rm Exploit(s)	3
ExploitDB Exploit(s)	3
Metasploit Exploit(s)	2

Related	Severity
VMSA-2008-0014	(Critical)
TA08-260A	(Critical)
GLSA-201209-25	(Critical)
GLSA-200812-17	(Critical)
TA08-190A	(Critical)
MS08-037	(Critical)
HPSBST02350 SSR...	(Critical)
USN-651-1	(High)
cisco-sa-200809...	(High)
VU#800113	(Medium)
USN-627-1	(Medium)
USN-622-1	(Medium)
TA08-190B	(Medium)
SUN-240048	(Medium)
SUN-239392	(Medium)
RHSA-2008:0789	(Medium)
RHSA-2008:0533	(Medium)
MDVSA-2008:139	(Medium)
KB956187	(Medium)
HPSBUX02351 SSR...	(Medium)
HPSBTU02358 SSR...	(Medium)
HPSBOV02357 SSR...	(Medium)
HPSBMP02404 SSR...	(Medium)
GLSA-200901-03	(Medium)
GLSA-200809-02	(Medium)
GLSA-200807-08	(Medium)
DSA-1623	(Medium)
DSA-1619	(Medium)
DSA-1617	(Medium)
DSA-1605	(Medium)
DSA-1604	(Medium)
DSA-1603	(Medium)
cisco-sa-200807...	(Medium)