CVE-2008-1447 Scanner
Detects 'Cache Poisoning' vulnerability in DNS Protocol
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 15 sec
Time Interval: 2112 sec
Scan only one: Domain, IPv4
Toolbox: -
The DNS (Domain Name System) is a fundamental protocol used on the internet for translating domain names into IP addresses, allowing users to access websites easily. It is an essential component of the internet architecture, responsible for making website addresses readable by humans. DNS servers act as a directory for the internet, mapping domain names to IP addresses. This protocol is used to direct website visitors to the intended website by resolving DNS queries to the correct IP address. It is a crucial component of the internet infrastructure without which the web would cease to exist.
CVE-2008-1447 is a vulnerability that affects DNS implementations such as BIND and Microsoft DNS on Windows 2000/XP/Server 2003. It lets remote attackers exploit insufficient randomization of DNS transaction IDs and source ports to spoof DNS traffic and carry out a cache poisoning attack, also known as DNS spoofing. In DNS cache poisoning, an attacker inserts malicious DNS records into a DNS resolver's cache, so that a victim who tries to access a specific website is redirected to a malicious site controlled by the attacker.
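The following is an added example, not code from s4e.io or from any affected DNS implementation: a defender-side check that takes (source port, transaction ID) pairs from a resolver's consecutive outbound queries, as logged at an authoritative server you control, and flags the fixed or predictable patterns described above. The sample data is constructed, and the function names and the `NARROW_STDEV` cut-off are assumptions.

```python
import math
import statistics

# Constructed samples: (UDP source port, transaction ID) of consecutive
# outbound queries from a resolver, as seen by an authoritative server.
FIXED_PORT = [(32768, 0x1A2B), (32768, 0xC401), (32768, 0x07F3),
              (32768, 0x9E55), (32768, 0x4410), (32768, 0xE2A9)]
SEQ_TXID = [(50122, 100), (1093, 101), (33871, 102),
            (61004, 103), (18450, 104), (42917, 105)]
RANDOMIZED = [(50122, 0x1A2B), (1093, 0xC401), (33871, 0x07F3),
              (61004, 0x9E55), (18450, 0x4410), (42917, 0xE2A9)]

NARROW_STDEV = 300  # assumed cut-off for "small pool", not a standard value


def classify(values):
    """Label a series of 16-bit values: fixed, sequential, narrow or spread."""
    if len(set(values)) == 1:
        return "fixed"
    # A constant step (modulo 2**16) between queries means a counter.
    deltas = {(b - a) % 65536 for a, b in zip(values, values[1:])}
    if len(deltas) == 1:
        return "sequential"
    if statistics.pstdev(values) < NARROW_STDEV:
        return "narrow"
    return "spread"


def guess_bits(values):
    """Rough upper bound on the bits a spoofer must guess for one field."""
    kind = classify(values)
    if kind in ("fixed", "sequential"):
        return 0.0  # the next value is known in advance
    if kind == "narrow":
        return math.log2(max(values) - min(values) + 1)
    return 16.0  # full 16-bit field, assuming the spread is truly random


def assess(samples):
    """Combine port and transaction ID findings into one verdict."""
    ports = [p for p, _ in samples]
    txids = [t for _, t in samples]
    bits = guess_bits(ports) + guess_bits(txids)
    return {"port": classify(ports), "txid": classify(txids),
            "bits": bits, "weak": bits < 32.0}
```

A handful of samples can only expose obvious patterns such as a static port or a counter; a "spread" result on a short capture is not proof of good randomness.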
Exploiting this vulnerability can have far-reaching consequences, from monitoring user activity to stealing sensitive data and launching highly targeted phishing campaigns. In a large-scale attack, attackers could redirect traffic to fake websites that collect user credentials such as usernames and passwords, leading to financial or reputational damage. Cache poisoning also poses a significant risk to organizations reliant on web-based services: attackers can use it to redirect users to fake websites, introduce malware into systems, or tamper with online transactions, causing significant financial losses.
Thanks to the pro features of s4e.io, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. With our comprehensive vulnerability scanning tools and threat intelligence, users can safeguard their organizations' websites, network devices, and cloud-based assets from potential threats and attacks. We keep your business safe with regular scans, identifying vulnerabilities and providing remediation advice. Stay ahead of attackers and protect your digital assets with our innovative security solutions.