中危 Cisco Access Gateway 4.x DNS Cache 加密问题漏洞

CVE编号

CVE-2008-1447

利用情况

POC 已公开

补丁情况

官方补丁

披露时间

2008-07-09
漏洞描述
DNS协议(1)在9.5.0-p1、9.4.2-p1和9.3.5-p1之前的BIND 8 和 9;在(2)Windows 2000 SP4、XP sp2和SP3以及服务器2003 SP1和sp2中的Microsoft DNS中;以及其他实现允许远程攻击者通过birthday 攻击欺骗DNS traffic,这种攻击使用 in-bailiwick referral来对递归解析器进行缓存中毒,这与DNS transaction IDs 和 source ports的随机性不足有关,也就是“DNS Insufficient Socket Entropy漏洞”或“Kaminsky 漏洞”。 

解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc
http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://marc.info/?l=bugtraq&m=121630706004256&w=2
http://marc.info/?l=bugtraq&m=121866517322103&w=2
http://marc.info/?l=bugtraq&m=123324863916385&w=2
http://marc.info/?l=bugtraq&m=141879471518471&w=2
http://rhn.redhat.com/errata/RHSA-2008-0533.html
http://secunia.com/advisories/30925
http://secunia.com/advisories/30973
http://secunia.com/advisories/30977
http://secunia.com/advisories/30979
http://secunia.com/advisories/30980
http://secunia.com/advisories/30988
http://secunia.com/advisories/30989
http://secunia.com/advisories/30998
http://secunia.com/advisories/31011
http://secunia.com/advisories/31012
http://secunia.com/advisories/31014
http://secunia.com/advisories/31019
http://secunia.com/advisories/31022
http://secunia.com/advisories/31030
http://secunia.com/advisories/31031
http://secunia.com/advisories/31033
http://secunia.com/advisories/31052
http://secunia.com/advisories/31065
http://secunia.com/advisories/31072
http://secunia.com/advisories/31093
http://secunia.com/advisories/31094
http://secunia.com/advisories/31137
http://secunia.com/advisories/31143
http://secunia.com/advisories/31151
http://secunia.com/advisories/31152
http://secunia.com/advisories/31153
http://secunia.com/advisories/31169
http://secunia.com/advisories/31197
http://secunia.com/advisories/31199
http://secunia.com/advisories/31204
http://secunia.com/advisories/31207
http://secunia.com/advisories/31209
http://secunia.com/advisories/31212
http://secunia.com/advisories/31213
http://secunia.com/advisories/31221
http://secunia.com/advisories/31236
http://secunia.com/advisories/31237
http://secunia.com/advisories/31254
http://secunia.com/advisories/31326
http://secunia.com/advisories/31354
http://secunia.com/advisories/31422
http://secunia.com/advisories/31430
http://secunia.com/advisories/31451
http://secunia.com/advisories/31482
http://secunia.com/advisories/31495
http://secunia.com/advisories/31588
http://secunia.com/advisories/31687
http://secunia.com/advisories/31823
http://secunia.com/advisories/31882
http://secunia.com/advisories/31900
http://secunia.com/advisories/33178
http://secunia.com/advisories/33714
http://secunia.com/advisories/33786
http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc
http://security.gentoo.org/glsa/glsa-200807-08.xml
http://security.gentoo.org/glsa/glsa-200812-17.xml
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackw...
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackw...
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1
http://support.apple.com/kb/HT3026
http://support.apple.com/kb/HT3129
http://support.citrix.com/article/CTX117991
http://support.citrix.com/article/CTX118183
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152
http://up2date.astaro.com/2008/08/up2date_7202_released.html
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml
http://www.debian.org/security/2008/dsa-1603
http://www.debian.org/security/2008/dsa-1604
http://www.debian.org/security/2008/dsa-1605
http://www.debian.org/security/2008/dsa-1619
http://www.debian.org/security/2008/dsa-1623
http://www.doxpara.com/?p=1176
http://www.doxpara.com/DMK_BO2K8.ppt
http://www.ibm.com/support/docview.wss?uid=isg1IZ26667
http://www.ibm.com/support/docview.wss?uid=isg1IZ26668
http://www.ibm.com/support/docview.wss?uid=isg1IZ26669
http://www.ibm.com/support/docview.wss?uid=isg1IZ26670
http://www.ibm.com/support/docview.wss?uid=isg1IZ26671
http://www.ibm.com/support/docview.wss?uid=isg1IZ26672
http://www.ipcop.org/index.php?name=News&file=article&sid=40
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.kb.cert.org/vuls/id/800113
http://www.kb.cert.org/vuls/id/MIMG-7DWR4J
http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q
http://www.mandriva.com/security/advisories?name=MDVSA-2008:139
http://www.nominum.com/asset_upload_file741_2661.pdf
http://www.novell.com/support/viewContent.do?externalId=7000912
http://www.openbsd.org/errata42.html#013_bind
http://www.openbsd.org/errata43.html#004_bind
http://www.phys.uu.nl/~rombouts/pdnsd.html
http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
http://www.redhat.com/support/errata/RHSA-2008-0789.html
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
http://www.securityfocus.com/archive/1/495289/100/0/threaded
http://www.securityfocus.com/archive/1/495869/100/0/threaded
http://www.securityfocus.com/bid/30131
http://www.securitytracker.com/id?1020437
http://www.securitytracker.com/id?1020438
http://www.securitytracker.com/id?1020440
http://www.securitytracker.com/id?1020448
http://www.securitytracker.com/id?1020449
http://www.securitytracker.com/id?1020548
http://www.securitytracker.com/id?1020558
http://www.securitytracker.com/id?1020560
http://www.securitytracker.com/id?1020561
http://www.securitytracker.com/id?1020575
http://www.securitytracker.com/id?1020576
http://www.securitytracker.com/id?1020577
http://www.securitytracker.com/id?1020578
http://www.securitytracker.com/id?1020579
http://www.securitytracker.com/id?1020651
http://www.securitytracker.com/id?1020653
http://www.securitytracker.com/id?1020702
http://www.securitytracker.com/id?1020802
http://www.securitytracker.com/id?1020804
http://www.ubuntu.com/usn/usn-622-1
http://www.ubuntu.com/usn/usn-627-1
http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
http://www.us-cert.gov/cas/techalerts/TA08-190B.html
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
http://www.vupen.com/english/advisories/2008/2019/references
http://www.vupen.com/english/advisories/2008/2023/references
http://www.vupen.com/english/advisories/2008/2025/references
http://www.vupen.com/english/advisories/2008/2029/references
http://www.vupen.com/english/advisories/2008/2030/references
http://www.vupen.com/english/advisories/2008/2050/references
http://www.vupen.com/english/advisories/2008/2051/references
http://www.vupen.com/english/advisories/2008/2052/references
http://www.vupen.com/english/advisories/2008/2055/references
http://www.vupen.com/english/advisories/2008/2092/references
http://www.vupen.com/english/advisories/2008/2113/references
http://www.vupen.com/english/advisories/2008/2114/references
http://www.vupen.com/english/advisories/2008/2123/references
http://www.vupen.com/english/advisories/2008/2139/references
http://www.vupen.com/english/advisories/2008/2166/references
http://www.vupen.com/english/advisories/2008/2195/references
http://www.vupen.com/english/advisories/2008/2196/references
http://www.vupen.com/english/advisories/2008/2197/references
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2291
http://www.vupen.com/english/advisories/2008/2334
http://www.vupen.com/english/advisories/2008/2342
http://www.vupen.com/english/advisories/2008/2377
http://www.vupen.com/english/advisories/2008/2383
http://www.vupen.com/english/advisories/2008/2384
http://www.vupen.com/english/advisories/2008/2466
http://www.vupen.com/english/advisories/2008/2467
http://www.vupen.com/english/advisories/2008/2482
http://www.vupen.com/english/advisories/2008/2525
http://www.vupen.com/english/advisories/2008/2549
http://www.vupen.com/english/advisories/2008/2558
http://www.vupen.com/english/advisories/2008/2582
http://www.vupen.com/english/advisories/2008/2584
http://www.vupen.com/english/advisories/2009/0297
http://www.vupen.com/english/advisories/2009/0311
http://www.vupen.com/english/advisories/2010/0622
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037
https://exchange.xforce.ibmcloud.com/vulnerabilities/43334
https://exchange.xforce.ibmcloud.com/vulnerabilities/43637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://www.exploit-db.com/exploits/6122
https://www.exploit-db.com/exploits/6123
https://www.exploit-db.com/exploits/6130
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 isc bind 4 -
运行在以下环境
应用 isc bind 8 -
运行在以下环境
应用 isc bind 9.2.9 -
运行在以下环境
系统 canonical ubuntu_linux 6.06 -
运行在以下环境
系统 canonical ubuntu_linux 7.04 -
运行在以下环境
系统 canonical ubuntu_linux 7.10 -
运行在以下环境
系统 canonical ubuntu_linux 8.04 -
运行在以下环境
系统 centos_5 bind-libs * Up to
(excluding)
9.3.4-6.0.1.P1.el5_2
运行在以下环境
系统 cisco ios 12.0 -
运行在以下环境
系统 debian debian_linux 4.0 -
运行在以下环境
系统 debian_10 adns * Up to
(excluding)
1.4-2
运行在以下环境
系统 debian_11 adns * Up to
(excluding)
1.4-2
运行在以下环境
系统 debian_12 adns * Up to
(excluding)
1.4-2
运行在以下环境
系统 debian_4.0 bind9 * Up to
(excluding)
1:9.3.4-2etch3
运行在以下环境
系统 debian_5.0 bind9 * Up to
(excluding)
1:9.4.2-10+lenny1
运行在以下环境
系统 debian_9 dnspython * Up to
(including)
1.15.0-1+deb9u1
运行在以下环境
系统 microsoft windows_2000 * -
运行在以下环境
系统 microsoft windows_server_2003 - -
运行在以下环境
系统 microsoft windows_xp * -
运行在以下环境
系统 microsoft windows_xp - -
运行在以下环境
系统 opensuse_10.2 bind * Up to
(excluding)
9.3.5P1-0.1
运行在以下环境
系统 opensuse_10.3 bind * Up to
(excluding)
1.2.0-14.4
运行在以下环境
系统 opensuse_11.0 bind * Up to
(excluding)
2.0.0-3.3
运行在以下环境
系统 oracle_5 oraclelinux-release * Up to
(excluding)
9.3.4-6.0.2.P1.el5_2
运行在以下环境
系统 redhat enterprise_linux 2.1 -
运行在以下环境
系统 redhat enterprise_linux 5 -
运行在以下环境
系统 redhat enterprise_linux 5.0 -
运行在以下环境
系统 redhat_5 dnsmasq * Up to
(excluding)
0:2.45-1.el5_2.1
运行在以下环境
系统 suse_11 libadns1 * Up to
(excluding)
1.4-73
阿里云评分
4.1
  • 攻击路径
    远程
  • 攻击复杂度
    困难
  • 权限要求
    无需权限
  • 影响范围
    越权影响
  • EXP成熟度
    POC 已公开
  • 补丁情况
    官方补丁
  • 数据保密性
    无影响
  • 数据完整性
    无影响
  • 服务器危害
    无影响
  • 全网数量
    100
CWE-ID 漏洞类型
CWE-331 信息熵不充分
阿里云安全产品覆盖情况