Executive Summary

Summary
Title Multiple DNS implementations vulnerable to cache poisoning
Informations
Name VU#800113 First vendor Publication 2008-07-08
Vendor VU-CERT Last vendor Modification 2008-10-08
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#800113

Multiple DNS implementations vulnerable to cache poisoning

Overview

Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.

I. Description

The Domain Name System (DNS) is responsible for translating host names to IP addresses (and vice versa) and is critical for the normal operation of internet-connected systems. DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver. DNS cache poisoning is not a new concept; in fact, there are published articles that describe a number of inherent deficiencies in the DNS protocol and defects in common DNS implementations that facilitate DNS cache poisoning. The following are examples of these deficiencies and defects:
  • Insufficient transaction ID space
    The DNS protocol specification includes a transaction ID field of 16 bits. If the specification is correctly implemented and the transaction ID is randomly selected with a strong random number generator, an attacker will require, on average, 32,768 attempts to successfully predict the ID. Some flawed implementations may use a smaller number of bits for this transaction ID, meaning that fewer attempts will be needed. Furthermore, there are known errors with the randomness of transaction IDs that are generated by a number of implementations. Amit Klein researched several affected implementations in 2007. These vulnerabilities are described in the following vulnerability notes:

    • VU#484649 - Microsoft Windows DNS Server vulnerable to cache poisoning
    • VU#252735 - ISC BIND generates cryptographically weak DNS query IDs
    • VU#927905 - BIND version 8 generates cryptographically weak DNS query identifiers
  • Multiple outstanding requests
    Some implementations of DNS services contain a vulnerability in which multiple identical queries for the same resource record (RR) will generate multiple outstanding queries for that RR. This condition leads to the feasibility of a 'birthday attack,' which significantly raises an attacker's chance of success. This problem was previously described in VU#457875. A number of vendors and implementations have already added mitigations to address this issue.
  • Fixed source port for generating queries
    Some current implementations allocate an arbitrary port at startup (sometimes selected at random) and reuse this source port for all outgoing queries. In some implementations, the source port for outgoing queries is fixed at the traditional assigned DNS server port number, 53/udp.
Recent additional research into these issues and methods of combining them to conduct improved cache poisoning attacks have yielded extremely effective exploitation techniques. Caching DNS resolvers are primarily at risk--both those that are open (a DNS resolver is open if it provides recursive name resolution for clients outside of its administrative domain), and those that are not. These caching resolvers are the most common target for attackers; however, stub resolvers are also at risk.

Because attacks against these vulnerabilities all rely on an attacker's ability to predictably spoof traffic, the implementation of per-query source port randomization in the server presents a practical mitigation against these attacks within the boundaries of the current protocol specification. Randomized source ports can be used to gain approximately 16 additional bits of randomness in the data that an attacker must guess. Although there are technically 65,535 ports, implementers cannot allocate all of them (port numbers <1024 may be reserved, other ports may already be allocated, etc.). However, randomizing the ports that are available adds a significant amount of attack resiliency. It is important to note that without changes to the DNS protocol, such as those that the DNS Security Extensions (DNSSEC) introduce, these mitigations cannot completely prevent cache poisoning. However, if properly implemented, the mitigations reduce an attacker's chances of success by several orders of magnitude and make attacks impractical.

II. Impact

An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control.

III. Solution

Apply a patch from the vendor
A number of vendors have released patches to implement source port randomization in the nameserver. This change significantly reduces the practicality of cache poisoning attacks. Please see the Systems Affected portion of this document for additional details for specific vendors. Additional information about Japanese vendors can be found in JPCERT/CC JVNVU#800113.

Stub resolvers are also vulnerable to these attacks, so system administrators should patch stub resolvers that issue queries in response to attacker behavior and that may receive packets from an attacker. Administrators should watch for patches to client operating systems that implement port randomization in the stub resolver.

Note: Routers, firewalls, proxies, and other gateway devices that perform Network Address Translation (NAT)more specifically Port Address Translation (PAT)often rewrite source ports in order to track connection state. When modifying source ports, PAT devices can reduce source port randomness implemented by nameservers and stub resolvers (conversely a PAT device can also increase randomness). A PAT device can reduce or eliminate improvements gained by patching DNS software to implement source port randomization.

Restrict access
Administrators, particularly those who are unable to apply a patch, can limit exposure to this vulnerability by restricting sources that can ask for recursion. Note that restricting access will still allow attackers with access to authorized hosts to exploit this vulnerability. The document "
Securing an Internet Name Server" contains instructions for restricting recursion in ISC BIND.

Filter traffic at network perimeters
Because the ability to spoof IP addresses is necessary to conduct these attacks, administrators should filter spoofed addresses at the network perimeter. IETF Request for Comments (RFC) documents RFC 2827, RFC 3704, and RFC 3013 describe best current practices (BCPs) for implementing this defense. It is important to understand your network's configuration and service requirements before deciding what changes are appropriate.

Run a local DNS cache
In lieu of strong port randomization characteristics in a stub resolver, administrators can protect their systems by using local caching full-service resolvers both on the client systems and on servers that are topologically close (on the network) to the client systems. These resolvers should be used in conjunction with the network segmentation and filtering strategies mentioned above.

Disable recursion
Disable recursion on any nameserver responding to DNS requests made by untrusted systems. "Securing an Internet Name Server" contains instructions for disabling recursion in various versions of ISC's BIND.

The U.S. National Institute of Standards and Technology (NIST) Special Publication 800-81 "Secure Domain Name System (DNS) Deployment Guide" contains detailed and thorough information about the secure deployment of DNS servers, including the recommendations above. Administrators are strongly encouraged to review this document and consider implementing the recommendations it describes.

Implement source port randomization
Vendors that implement DNS software are encouraged to review IETF Internet Draft "Measures for making DNS more resilient against forged answers" for additional information about implementing mitigations in their products. This document is a work in progress and may change prior to its publication as an RFC, if it is approved. System implementers may also wish to review IETF Internet Draft "Port Randomization" for a more generalized approach to how port randomization can mitigate some other types of spoofing attacks.

As noted above, routers, firewalls, and other gateway devices that perform NAT/PAT may modify source ports in ways that reduce the effectiveness of source port randomization.

Systems Affected

VendorStatusDate NotifiedDate Updated
3com, Inc.Unknown2008-04-212008-07-10
Alcatel-LucentVulnerable2008-04-212008-08-14
Apple Computer, Inc.Vulnerable2008-05-052008-10-08
AT&TUnknown2008-04-212008-04-21
Avaya, Inc.Vulnerable2008-04-212008-07-16
Avici Systems, Inc.Unknown2008-04-212008-04-21
Belkin, Inc.Unknown2008-07-132008-07-13
Blue Coat SystemsVulnerable2008-07-22
BlueCat Networks, Inc.Vulnerable2008-05-052008-07-22
Check Point Software TechnologiesNot Vulnerable2008-05-052008-07-23
Cisco Systems, Inc.Vulnerable2008-05-012008-07-10
Conectiva Inc.Unknown2008-05-052008-05-05
Cray Inc.Unknown2008-05-052008-05-05
D-Link Systems, Inc.Unknown2008-05-022008-05-02
Data Connection, Ltd.Unknown2008-04-212008-04-21
Debian GNU/LinuxVulnerable2008-05-052008-07-09
djbdnsNot Vulnerable2008-07-102008-07-10
dnsmasqVulnerable2008-07-092008-07-11
DragonFly BSD ProjectUnknown2008-07-032008-07-03
EMC CorporationUnknown2008-04-212008-04-21
Engarde Secure LinuxUnknown2008-05-052008-05-05
EricssonUnknown2008-04-212008-04-21
Extreme NetworksUnknown2008-04-212008-04-21
F5 Networks, Inc.Vulnerable2008-04-212008-07-14
Fedora ProjectUnknown2008-05-052008-05-05
Force10 Networks, Inc.Vulnerable2008-04-212008-10-08
Foundry Networks, Inc.Not Vulnerable2008-04-212008-07-10
FreeBSD, Inc.Vulnerable2008-05-052008-07-14
FujitsuVulnerable2008-04-212008-07-18
Funkwerk Enterprise Communications Vulnerable2008-08-22
Gentoo LinuxVulnerable2008-06-062008-07-12
Gnu ADNSUnknown2008-05-052008-05-05
GNU glibcUnknown2008-05-052008-05-05
Hewlett-Packard CompanyVulnerable2008-04-212008-07-16
HitachiNot Vulnerable2008-04-212008-07-29
HoneywellUnknown2008-04-212008-04-21
IBM CorporationVulnerable2008-04-212008-07-12
IBM Corporation (zseries)Unknown2008-05-052008-05-05
IBM eServerUnknown2008-04-212008-04-21
InfobloxVulnerable2008-05-052008-07-21
Ingrian Networks, Inc.Unknown2008-05-052008-05-05
Intel CorporationUnknown2008-04-212008-04-21
Internet Systems ConsortiumVulnerable2008-04-292008-07-14
JH SoftwareNot Vulnerable2008-07-10
Juniper Networks, Inc.Vulnerable2008-04-212008-07-10
Linux Kernel ArchivesUnknown2008-06-032008-06-03
Luminous NetworksUnknown2008-04-212008-04-21
Mandriva, Inc.Vulnerable2008-05-052008-07-22
MaraDNSNot Vulnerable2008-07-10
Men & MiceUnknown2008-05-052008-05-05
Metasolv Software, Inc.Unknown2008-05-052008-05-05
Microsoft CorporationVulnerable2008-04-142008-07-08
MontaVista Software, Inc.Unknown2008-05-052008-05-05
Motorola, Inc.Unknown2008-04-212008-04-21
Multitech, Inc.Unknown2008-04-212008-04-21
NEC CorporationVulnerable2008-04-212008-08-22
NetAppUnknown2008-07-032008-07-03
NetBSDUnknown2008-05-052008-05-05
Netgear, Inc.Unknown2008-04-212008-04-21
Network Appliance, Inc.Unknown2008-04-212008-04-21
NixuVulnerable2008-07-032008-07-09
NLnet LabsNot Vulnerable2008-05-142008-07-10
NokiaUnknown2008-04-212008-04-21
NominumVulnerable2008-06-032008-07-10
Nortel Networks, Inc.Vulnerable2008-04-212008-09-05
Novell, Inc.Vulnerable2008-05-052008-07-14
OpenBSDVulnerable2008-05-052008-07-24
OpenDNSNot Vulnerable2008-07-10
Openwall GNU/*/LinuxVulnerable2008-05-052008-07-17
PePLinkNot Vulnerable2008-07-10
Posadis projectUnknown2008-07-142008-07-14
PowerDNSNot Vulnerable2008-05-132008-07-10
Process SoftwareUnknown2008-04-212008-08-08
QNX, Software Systems, Inc.Unknown2008-05-052008-05-05
Red Hat, Inc.Vulnerable2008-05-052008-07-10
Redback Networks, Inc.Unknown2008-04-212008-04-21
Secure Computing Network Security DivisionVulnerable2008-07-092008-07-17
ShadowsupportUnknown2008-05-052008-05-05
SiemensUnknown2008-04-212008-07-08
Silicon Graphics, Inc.Unknown2008-05-052008-05-05
Slackware Linux Inc.Vulnerable2008-05-052008-07-12
Sony CorporationUnknown2008-04-212008-04-21
Sun Microsystems, Inc.Vulnerable2008-05-052008-07-31
SUSE LinuxVulnerable2008-05-052008-07-11
The SCO GroupUnknown2008-05-052008-05-05
Trustix Secure LinuxUnknown2008-05-052008-05-05
TurbolinuxUnknown2008-05-052008-05-05
UbuntuVulnerable2008-05-052008-07-10
Wind River Systems, Inc.Vulnerable2008-04-212008-08-14
Yamaha CorporationVulnerable2008-07-29
ZyXELUnknown2008-04-212008-04-21

References

http://www.kb.cert.org/vuls/id/484649
http://www.kb.cert.org/vuls/id/252735
http://www.kb.cert.org/vuls/id/927905
http://www.kb.cert.org/vuls/id/457875
http://www.cert.org/archive/pdf/dns.pdf
http://csrc.nist.gov/publications/nistpubs/800-81/SP800-81.pdf
http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience
http://tools.ietf.org/html/rfc3833
http://tools.ietf.org/html/rfc2827
http://tools.ietf.org/html/rfc3704
http://tools.ietf.org/html/rfc3013
http://tools.ietf.org/html/rfc4033
http://tools.ietf.org/html/draft-ietf-tsvwg-port-randomization
http://cr.yp.to/djbdns/dns_random.html
http://cr.yp.to/djbdns/dns_transmit.html
http://cr.yp.to/djbdns/forgery.html
http://www.trusteer.com/microsoftdns
http://www.trusteer.com/bind9dns
http://www.trusteer.com/bind8dns
http://www.sans.org/reading_room/whitepapers/dns/1567.php
http://blogs.iss.net/archive/morednsnat.html
https://jvn.jp/cert/JVNVU800113/
http://www.cert.at/static/cert.at-0802-DNS-patchanalysis.pdf

Credit

Thanks to Dan Kaminsky of IOActive for identifying the effectiveness and practicality of DNS cache poisoning, and to Paul Vixie of Internet Systems Consortium (ISC) for raising the urgency of these issues. Daniel J. Bernstein is credited with the original idea and implementation of randomized source ports in the DNS resolver.

This document was written by Chad R Dougherty.

Other Information

Date Public:2008-07-08
Date First Published:2008-07-08
Date Last Updated:2008-10-08
CERT Advisory: 
CVE-ID(s):CVE-2008-1447
NVD-ID(s):CVE-2008-1447
US-CERT Technical Alerts:TA08-190B
Metric:27.54
Document Revision:99

Original Source

Url : http://www.kb.cert.org/vuls/id/800113

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-331 Insufficient Entropy

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12117
 
Oval ID: oval:org.mitre.oval:def:12117
Title: HP-UX Running BIND, Remote DNS Cache Poisoning
Description: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family: unix Class: vulnerability
Reference(s): CVE-2008-1447
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17512
 
Oval ID: oval:org.mitre.oval:def:17512
Title: USN-627-1 -- dnsmasq vulnerability
Description: Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq.
Family: unix Class: patch
Reference(s): USN-627-1
CVE-2008-1447
Version: 7
Platform(s): Ubuntu 8.04
Product(s): dnsmasq
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17734
 
Oval ID: oval:org.mitre.oval:def:17734
Title: USN-622-1 -- bind9 vulnerability
Description: Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind.
Family: unix Class: patch
Reference(s): USN-622-1
CVE-2008-1447
Version: 5
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18704
 
Oval ID: oval:org.mitre.oval:def:18704
Title: DSA-1623-1 dnsmasq - cache poisoning
Description: Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
Family: unix Class: patch
Reference(s): DSA-1623-1
CVE-2008-1447
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): dnsmasq
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18724
 
Oval ID: oval:org.mitre.oval:def:18724
Title: DSA-1617-1 refpolicy - incompatible policy
Description: In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as <a href="http://security-tracker.debian.org/tracker/CVE-2008-1447">CVE-2008-1447</a>). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard 'domain' port (53). The incompatibility affects both the 'targeted' and 'strict' policy packages supplied by this version of refpolicy.
Family: unix Class: patch
Reference(s): DSA-1617-1
CVE-2008-1447
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): refpolicy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19900
 
Oval ID: oval:org.mitre.oval:def:19900
Title: DSA-1603-1 bind9 - cache poisoning
Description: Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
Family: unix Class: patch
Reference(s): DSA-1603-1
CVE-2008-1447
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21970
 
Oval ID: oval:org.mitre.oval:def:21970
Title: ELSA-2008:0533: bind security update (Important)
Description: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family: unix Class: patch
Reference(s): ELSA-2008:0533-02
CVE-2008-1447
Version: 6
Platform(s): Oracle Linux 5
Product(s): bind
selinux-policy-targeted
selinux-policy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22177
 
Oval ID: oval:org.mitre.oval:def:22177
Title: ELSA-2008:0789: dnsmasq security update (Moderate)
Description: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family: unix Class: patch
Reference(s): ELSA-2008:0789-01
CVE-2008-1447
Version: 6
Platform(s): Oracle Linux 5
Product(s): dnsmasq
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28787
 
Oval ID: oval:org.mitre.oval:def:28787
Title: RHSA-2008:0533 -- bind security update (Important)
Description: Updated bind packages that help mitigate DNS spoofing attacks are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. We have updated the Enterprise Linux 5 packages in this advisory. The default and sample caching-nameserver configuration files have been updated so that they do not specify a fixed query-source port. Administrators wishing to take advantage of randomized UDP source ports should check their configuration file to ensure they have not specified fixed query-source ports. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols.
Family: unix Class: patch
Reference(s): RHSA-2008:0533
CESA-2008:0533-CentOS 5
CESA-2008:0533-CentOS 2
CESA-2008:0533-CentOS 3
CVE-2008-1447
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 5
CentOS Linux 2
CentOS Linux 3
Product(s): bind
selinux-policy-targeted
selinux-policy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29167
 
Oval ID: oval:org.mitre.oval:def:29167
Title: RHSA-2008:0789 -- dnsmasq security update (Moderate)
Description: An updated dnsmasq package that implements UDP source-port randomization is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Dnsmasq is lightweight DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. The dnsmasq DNS resolver used a fixed source UDP port. This could have made DNS spoofing attacks easier. dnsmasq has been updated to use random UDP source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447) All dnsmasq users are advised to upgrade to this updated package, that upgrades dnsmasq to version 2.45, which resolves this issue.
Family: unix Class: patch
Reference(s): RHSA-2008:0789
CVE-2008-1447
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Product(s): dnsmasq
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5725
 
Oval ID: oval:org.mitre.oval:def:5725
Title: DNS Insufficient Socket Entropy Vulnerability
Description: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1447
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5761
 
Oval ID: oval:org.mitre.oval:def:5761
Title: HP-UX Running BIND, Remote DNS Cache Poisoning
Description: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family: unix Class: vulnerability
Reference(s): CVE-2008-1447
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5917
 
Oval ID: oval:org.mitre.oval:def:5917
Title: Security Vulnerability in the DNS Protocol May Lead to DNS Cache Poisoning
Description: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family: unix Class: vulnerability
Reference(s): CVE-2008-1447
Version: 1
Platform(s): Sun Solaris 8
Sun Solaris 9
Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7531
 
Oval ID: oval:org.mitre.oval:def:7531
Title: DSA-1623 dnsmasq -- DNS cache poisoning
Description: Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's dnsmasq packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult. This update also switches the random number generator to Dan Bernstein's SURF.
Family: unix Class: patch
Reference(s): DSA-1623
CVE-2008-1447
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): dnsmasq
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7660
 
Oval ID: oval:org.mitre.oval:def:7660
Title: DSA-1617 refpolicy -- incompatible policy
Description: In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible with the version of SELinux Reference Policy shipped with Debian Etch, which did not permit a process running in the named_t domain to bind sockets to UDP ports other than the standard "domain" port (53). The incompatibility affects both the "targeted" and "strict" policy packages supplied by this version of refpolicy. This update to the refpolicy packages grants the ability to bind to arbitrary UDP ports to named_t processes. When installed, the updated packages will attempt to update the bind policy module on systems where it had been previously loaded and where the previous version of refpolicy was 0.0.20061018-5 or below. Because the Debian refpolicy packages are not yet designed with policy module upgradeability in mind, and because SELinux-enabled Debian systems often have some degree of site-specific policy customization, it is difficult to assure that the new bind policy can be successfully upgraded. To this end, the package upgrade will not abort if the bind policy update fails. The new policy module can be found at /usr/share/selinux/refpolicy-targeted/bind.pp after installation. Administrators wishing to use the bind service policy can reconcile any policy incompatibilities and install the upgrade manually thereafter. A more detailed discussion of the corrective procedure may be found on http://wiki.debian.org/SELinux/Issues/BindPortRandomization. For the stable distribution (etch), this problem has been fixed in version 0.0.20061018-5.1+etch1. The unstable distribution (sid) is not affected, as subsequent refpolicy releases have incorporated an analogous change. We recommend that you upgrade your refpolicy packages.
Family: unix Class: patch
Reference(s): DSA-1617
CVE-2008-1447
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): refpolicy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8092
 
Oval ID: oval:org.mitre.oval:def:8092
Title: DSA-1603 bind9 -- DNS cache poisoning
Description: Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's BIND 9 packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult. Note that this security update changes BIND network behavior in a fundamental way, and the following steps are recommended to ensure a smooth upgrade. 1. Make sure that your network configuration is compatible with source port randomization. If you guard your resolver with a stateless packet filter, you may need to make sure that no non-DNS services listen on the 1024--65535 UDP port range and open it at the packet filter. For instance, packet filters based on etch's Linux 2.6.18 kernel only support stateless filtering of IPv6 packets, and therefore pose this additional difficulty. (If you use IPv4 with iptables and ESTABLISHED rules, networking changes are likely not required.) 2. Install the BIND 9 upgrade, using "apt-get update" followed by "apt-get install bind9". Verify that the named process has been restarted and answers recursive queries. (If all queries result in timeouts, this indicates that networking changes are necessary; see the first step.) 3. Verify that source port randomization is active. Check that the /var/log/daemon.log file does not contain messages of the following form right after the "listening on IPv6 interface" and "listening on IPv4 interface" messages logged by BIND upon startup. If these messages are present, you should remove the indicated lines from the configuration, or replace the port numbers contained within them with "*" sign (e.g., replace "port 53" with "port *"). For additional certainty, use tcpdump or some other network monitoring tool to check for varying UDP source ports. If there is a NAT device in front of your resolver, make sure that it does not defeat the effect of source port randomization. 4. If you cannot activate source port randomization, consider configuring BIND 9 to forward queries to a resolver which can, possibly over a VPN such as OpenVPN to create the necessary trusted network link. (Use BIND's forward-only mode in this case.) Other caching resolvers distributed by Debian (PowerDNS, MaraDNS, Unbound) already employ source port randomization, and no updated packages are needed. BIND 9.5 up to and including version 1:9.5.0.dfsg-4 only implements a weak form of source port randomization and needs to be updated as well. For information on BIND 8, see DSA-1604-1, and for the status of the libc stub resolver, see DSA-1605-1. The updated bind9 packages contain changes originally scheduled for the next stable point release, including the changed IP address of L.ROOT-SERVERS.NET (Debian bug #449148).
Family: unix Class: patch
Reference(s): DSA-1603
CVE-2008-1447
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): bind9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9627
 
Oval ID: oval:org.mitre.oval:def:9627
Title: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Description: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family: unix Class: vulnerability
Reference(s): CVE-2008-1447
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3

ExploitDB Exploits

id Description
2008-07-25 BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)
2008-07-24 BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
2008-07-23 BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta)

OpenVAS Exploits

Date Description
2012-10-03 Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w...
File : nvt/glsa_201209_25.nasl
2010-05-12 Name : Mac OS X 10.5.5 Update / Security Update 2008-006
File : nvt/macosx_upd_10_5_5_secupd_2008-006.nasl
2010-05-12 Name : Mac OS X Security Update 2008-005
File : nvt/macosx_secupd_2008-005.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : SLES10: Security update for bind
File : nvt/sles10_bind0.nasl
2009-10-10 Name : SLES9: Security update for bind
File : nvt/sles9p5030189.nasl
2009-05-05 Name : HP-UX Update for BIND HPSBUX02351
File : nvt/gb_hp_ux_HPSBUX02351.nasl
2009-04-09 Name : Mandriva Update for bind MDVSA-2008:139 (bind)
File : nvt/gb_mandriva_MDVSA_2008_139.nasl
2009-03-23 Name : Ubuntu Update for bind9 vulnerability USN-622-1
File : nvt/gb_ubuntu_USN_622_1.nasl
2009-03-23 Name : Ubuntu Update for dnsmasq vulnerability USN-627-1
File : nvt/gb_ubuntu_USN_627_1.nasl
2009-03-23 Name : Ubuntu Update for ruby1.8 vulnerabilities USN-651-1
File : nvt/gb_ubuntu_USN_651_1.nasl
2009-03-06 Name : RedHat Update for bind RHSA-2008:0533-01
File : nvt/gb_RHSA-2008_0533-01_bind.nasl
2009-03-06 Name : RedHat Update for dnsmasq RHSA-2008:0789-01
File : nvt/gb_RHSA-2008_0789-01_dnsmasq.nasl
2009-02-27 Name : CentOS Update for bind CESA-2008:0533-03 centos2 i386
File : nvt/gb_CESA-2008_0533-03_bind_centos2_i386.nasl
2009-02-27 Name : CentOS Update for bind CESA-2008:0533 centos3 i386
File : nvt/gb_CESA-2008_0533_bind_centos3_i386.nasl
2009-02-27 Name : CentOS Update for bind CESA-2008:0533 centos3 x86_64
File : nvt/gb_CESA-2008_0533_bind_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for bind CESA-2008:0533 centos4 i386
File : nvt/gb_CESA-2008_0533_bind_centos4_i386.nasl
2009-02-27 Name : CentOS Update for bind CESA-2008:0533 centos4 x86_64
File : nvt/gb_CESA-2008_0533_bind_centos4_x86_64.nasl
2009-02-18 Name : Fedora Core 9 FEDORA-2009-1069 (dnsmasq)
File : nvt/fcore_2009_1069.nasl
2009-02-17 Name : Fedora Update for ruby FEDORA-2008-8736
File : nvt/gb_fedora_2008_8736_ruby_fc8.nasl
2009-02-17 Name : Fedora Update for ruby FEDORA-2008-8738
File : nvt/gb_fedora_2008_8738_ruby_fc9.nasl
2009-02-17 Name : Fedora Update for bind FEDORA-2008-6281
File : nvt/gb_fedora_2008_6281_bind_fc8.nasl
2009-02-17 Name : Fedora Update for bind FEDORA-2008-6256
File : nvt/gb_fedora_2008_6256_bind_fc9.nasl
2009-01-23 Name : SuSE Update for bind SUSE-SA:2008:033
File : nvt/gb_suse_2008_033.nasl
2009-01-23 Name : SuSE Update for openwsman SUSE-SA:2008:041
File : nvt/gb_suse_2008_041.nasl
2009-01-20 Name : Fedora Core 9 FEDORA-2009-0350 (bind)
File : nvt/fcore_2009_0350.nasl
2009-01-13 Name : Gentoo Security Advisory GLSA 200901-03 (pdnsd)
File : nvt/glsa_200901_03.nasl
2008-12-23 Name : Gentoo Security Advisory GLSA 200812-17 (ruby)
File : nvt/glsa_200812_17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200809-02 (dnsmasq)
File : nvt/glsa_200809_02.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200807-08 (bind)
File : nvt/glsa_200807_08.nasl
2008-09-04 Name : FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma
File : nvt/freebsd_ruby9.nasl
2008-09-04 Name : FreeBSD Security Advisory (FreeBSD-SA-08:06.bind.asc)
File : nvt/freebsdsa_bind5.nasl
2008-08-22 Name : Vulnerabilities in DNS Could Allow Spoofing (953230)
File : nvt/secpod_ms08-037_900005.nasl
2008-08-15 Name : Debian Security Advisory DSA 1623-1 (dnsmasq)
File : nvt/deb_1623_1.nasl
2008-08-15 Name : Debian Security Advisory DSA 1619-1 (python-dns)
File : nvt/deb_1619_1.nasl
2008-08-15 Name : Debian Security Advisory DSA 1617-1 (refpolicy)
File : nvt/deb_1617_1.nasl
2008-07-15 Name : Debian Security Advisory DSA 1603-1 (bind9)
File : nvt/deb_1603_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-334-01 ruby
File : nvt/esoft_slk_ssa_2008_334_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-205-01 dnsmasq
File : nvt/esoft_slk_ssa_2008_205_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-191-02 bind
File : nvt/esoft_slk_ssa_2008_191_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
53917 HP Multiple Products DNS Query ID Field Prediction Cache Poisoning

53530 Check Point DNS Query ID Field Prediction Cache Poisoning

48256 Ingate Firewall/SIParator DNS Query ID Field Prediction Cache Poisoning

48244 pdnsd DNS Query ID Field Prediction Cache Poisoning

48186 Apple Mac OS X DNS Query ID Field Prediction Cache Poisoning

47927 Nortel Business Communications Manager DNS Query ID Field Prediction Cache Po...

47926 Astaro Security Gateway DNS Query ID Field Prediction Cache Poisoning

47916 Citrix Access Gateway DNS Query ID Field Prediction Cache Poisoning

47660 VitalQIP DNS Query ID Field Prediction Cache Poisoning

47588 Yamaha RT Series Routers DNS Query ID Field Prediction Cache Poisoning

47546 Astaro Security Gateway DNS Proxy DNS Query ID Field Prediction Cache Poisoning

47510 Dnsmasq DNS Query ID Field Prediction Cache Poisoning

47233 Secure Computing Sidewinder / CyberGuard DNS Query ID Field Prediction Cache ...

47232 F5 Multiple Product DNS Query ID Field Prediction Cache Poisoning

46916 Juniper Networks Multiple Products DNS Query ID Field Prediction Cache Poisoning

46837 Solaris named(1M) DNS Query ID Field Prediction Cache Poisoning

Solaris contains a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
46836 Nominum CNS / Vantio DNS Query ID Field Prediction Cache Poisoning

46786 Cisco Multiple Products DNS Query ID Field Prediction Cache Poisoning

Multiple Cisco products contain a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
46777 Microsoft Windows DNS Socket Entropy Weakness Cache Poisoning

Windows contains a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
46776 ISC BIND DNS Query ID Field Prediction Cache Poisoning

BIND contains a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.

Information Assurance Vulnerability Management (IAVM)

Date Description
2008-07-17 IAVM : 2008-A-0045 - DNS Protocol Cache Poisoning Vulnerability
Severity : Category I - VMSKEY : V0016170

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows DNS server spoofing attempt
RuleID : 16206 - Revision : 12 - Type : OS-WINDOWS
2014-01-10 excessive outbound NXDOMAIN replies - possible spoof of domain run by local D...
RuleID : 13949 - Revision : 17 - Type : PROTOCOL-DNS
2014-01-10 large number of NXDOMAIN replies - possible DNS cache poisoning
RuleID : 13948 - Revision : 13 - Type : PROTOCOL-DNS
2014-01-10 dns cache poisoning attempt
RuleID : 13667 - Revision : 19 - Type : PROTOCOL-DNS

Nessus® Vulnerability Scanner

Date Description
2017-04-21 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0066.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2009-0022.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL8938.nasl - Type : ACT_GATHER_INFO
2014-03-05 Name : The DNS server running on the remote host is vulnerable to DNS spoofing attacks.
File : ms_dns_kb951746.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0533.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0789.nasl - Type : ACT_GATHER_INFO
2012-10-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-25.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20080811_dnsmasq_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080711_bind_on_SL_3_0_x.nasl - Type : ACT_GATHER_INFO
2011-05-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-191-02.nasl - Type : ACT_GATHER_INFO
2010-09-01 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20080924-iosipshttp.nasl - Type : ACT_GATHER_INFO
2010-09-01 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20080708-dnshttp.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12197.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2008-0014.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_dnsmasq-080813.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_bind-080708.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-651-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-139.nasl - Type : ACT_GATHER_INFO
2009-02-17 Name : The remote Fedora host is missing a security update.
File : fedora_2009-1069.nasl - Type : ACT_GATHER_INFO
2009-01-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200901-03.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200812-17.nasl - Type : ACT_GATHER_INFO
2008-12-01 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-334-01.nasl - Type : ACT_GATHER_INFO
2008-10-10 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8738.nasl - Type : ACT_GATHER_INFO
2008-09-16 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_5.nasl - Type : ACT_GATHER_INFO
2008-09-16 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-006.nasl - Type : ACT_GATHER_INFO
2008-09-05 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200809-02.nasl - Type : ACT_GATHER_INFO
2008-08-17 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_959d384d6b5911dd9d79001fc61c2a55.nasl - Type : ACT_GATHER_INFO
2008-08-15 Name : The remote openSUSE host is missing a security update.
File : suse_dnsmasq-5512.nasl - Type : ACT_GATHER_INFO
2008-08-12 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_37865.nasl - Type : ACT_GATHER_INFO
2008-08-12 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0789.nasl - Type : ACT_GATHER_INFO
2008-08-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO
2008-08-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1623.nasl - Type : ACT_GATHER_INFO
2008-07-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1617.nasl - Type : ACT_GATHER_INFO
2008-07-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1619.nasl - Type : ACT_GATHER_INFO
2008-07-24 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-205-01.nasl - Type : ACT_GATHER_INFO
2008-07-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-627-1.nasl - Type : ACT_GATHER_INFO
2008-07-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200807-08.nasl - Type : ACT_GATHER_INFO
2008-07-15 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_bind-5409.nasl - Type : ACT_GATHER_INFO
2008-07-15 Name : The remote openSUSE host is missing a security update.
File : suse_bind-5410.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6256.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0533.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-622-1.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6281.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0533.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1603.nasl - Type : ACT_GATHER_INFO
2008-07-09 Name : The remote name resolver (or the server it uses upstream) is affected by a DN...
File : dns_non_random_source_ports.nasl - Type : ACT_GATHER_INFO
2008-07-08 Name : The remote host is vulnerable to DNS spoofing attacks.
File : smb_nt_ms08-037.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote host is missing Sun Security Patch number 114265-23
File : solaris9_x86_114265.nasl - Type : ACT_GATHER_INFO
2007-09-25 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHNE_36973.nasl - Type : ACT_GATHER_INFO
2007-09-25 Name : The remote host is missing Sun Security Patch number 112837-24
File : solaris9_112837.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109326-24
File : solaris8_109326.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 109327-24
File : solaris8_x86_109327.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2020-05-23 13:17:16
  • Multiple Updates
2016-03-01 17:24:00
  • Multiple Updates
2016-03-01 09:22:24
  • Multiple Updates
2015-05-27 21:30:41
  • Multiple Updates
2015-04-15 13:28:39
  • Multiple Updates
2015-03-17 09:32:46
  • Multiple Updates
2014-11-27 13:28:47
  • Multiple Updates
2014-10-11 13:26:27
  • Multiple Updates
2014-03-06 13:21:29
  • Multiple Updates
2014-02-17 12:08:11
  • Multiple Updates
2014-01-19 21:31:05
  • Multiple Updates
2012-11-27 13:29:51
  • Multiple Updates