CVE-2008-1447

MEDIUM

BIND < 9.5.0-P1, 9.4.2-P1, 9.3.5-P1 - DNS Cache Poisoning via Insufficient Transaction ID and Source Port Entropy

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2008-1447. PoCs published by Marc Bevand, Julien Desfossez, I)ruid, including Metasploit module auxiliary/spoof/dns/bailiwicked_domain.

AI-analyzed exploit summary This is a functional proof-of-concept exploit for CVE-2008-1447, implementing the Kaminsky DNS cache poisoning attack. It crafts malicious DNS responses to poison a resolver's cache by exploiting predictable transaction IDs and port numbers.

Description

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

Exploits (6)

exploitdb WORKING POC VERIFIED
by Marc Bevand · cremotemultiple
https://www.exploit-db.com/exploits/6130

This is a functional proof-of-concept exploit for CVE-2008-1447, implementing the Kaminsky DNS cache poisoning attack. It crafts malicious DNS responses to poison a resolver's cache by exploiting predictable transaction IDs and port numbers.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Racy
Target: DNS resolvers (e.g., BIND, Microsoft DNS)
No auth needed
Prerequisites: Network access to target DNS resolver · Ability to spoof DNS responses
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Julien Desfossez · pythonremotemultiple
https://www.exploit-db.com/exploits/6123

This exploit leverages the DNS cache poisoning vulnerability (CVE-2008-1447) by brute-forcing transaction IDs to inject a malicious DNS record into a vulnerable DNS server. It uses Scapy to craft and send spoofed DNS responses.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Racy
Target: DNS servers vulnerable to cache poisoning (e.g., BIND, Microsoft DNS)
No auth needed
Prerequisites: Knowledge of the vulnerable DNS server's source port · Ability to send spoofed DNS responses to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by I)ruid · rubyremotemultiple
https://www.exploit-db.com/exploits/6122

This exploit targets the Kaminsky DNS Cache Poisoning flaw (CVE-2008-1447) by injecting malicious DNS records into a vulnerable DNS resolver. It replaces legitimate nameservers for a target domain with attacker-controlled ones via spoofed DNS responses.

Classification
Working Poc 100%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: BIND 9.4.1-9.4.2
No auth needed
Prerequisites: Vulnerable DNS resolver with predictable query IDs · Network access to target DNS server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by hamlasiraj · poc
https://github.com/hamlasiraj/metasploit-bailiwicked_domain-fix

This repository provides a functional Metasploit module for exploiting CVE-2008-1447, a DNS cache poisoning vulnerability, with a fix for a runtime error (`undefined method each` for `IPAddr`). The module replaces target domain nameserver entries in vulnerable DNS servers.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Racy
Target: DNS implementations (e.g., BIND, Microsoft DNS)
No auth needed
Prerequisites: Network access to vulnerable DNS server · Ability to spoof DNS responses
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC
by I)ruid, hdm · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/spoof/dns/bailiwicked_domain.rb

This Metasploit module exploits CVE-2008-1447, a DNS cache poisoning vulnerability, by sending spoofed DNS responses to replace nameserver entries for a target domain. It uses randomized transaction IDs and source ports to bypass DNS server validation.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Racy
Target: DNS implementations (e.g., BIND, Microsoft DNS)
No auth needed
Prerequisites: Network access to vulnerable DNS server · Ability to spoof DNS responses
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by I)ruid, hdm · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/spoof/dns/bailiwicked_host.rb

This Metasploit module exploits CVE-2008-1447, a DNS cache poisoning vulnerability, by sending spoofed DNS responses to inject malicious host entries into a target nameserver's cache. It leverages the bailiwick constraint flaw discovered by Dan Kaminsky.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Racy
Target: DNS implementations (various)
No auth needed
Prerequisites: Network access to target DNS server · Ability to spoof DNS responses
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (196)

Core 196
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2052/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020438
Third Party Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/800113
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31137
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31430
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MIMG-7DWR4J
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31169
Third Party Advisory x_refsource_confirm
http://www.phys.uu.nl/~rombouts/pdnsd.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020702
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201209-25.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020561
Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2008-0014.html
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=141879471518471&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020578
Third Party Advisory vendor-advisory x_refsource_freebsd
http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020802
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=123324863916385&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30131
Third Party Advisory vendor-advisory x_refsource_openbsd
http://www.openbsd.org/errata42.html#013_bind
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31236
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020651
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020437
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31209
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31012
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31151
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2050/references
Third Party Advisory x_refsource_confirm
http://support.citrix.com/article/CTX117991
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31237
Third Party Advisory x_refsource_confirm
http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43334
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31495
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6130
Third Party Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020579
Third Party Advisory x_refsource_misc
http://www.nominum.com/asset_upload_file741_2661.pdf
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020653
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30998
Patch vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1603
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2525
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31094
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ26668
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31687
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2025/references
Third Party Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31588
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31019
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2029/references
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=121630706004256&w=2
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6123
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ26671
Third Party Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2268
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0297
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31207
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31031
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2584
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31451
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2051/references
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30977
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0789.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2377
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020558
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31221
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2008-0533.html
Third Party Advisory vendor-advisory x_refsource_openbsd
http://www.openbsd.org/errata43.html#004_bind
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020804
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31143
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/495289/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2195/references
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2196/references
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33714
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=121866517322103&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33786
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020448
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31882
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2384
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ26669
Third Party Advisory x_refsource_confirm
http://up2date.astaro.com/2008/08/up2date_7202_released.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2123/references
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT3026
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31014
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30979
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020575
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2482
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ26672
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT3129
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1619
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2166/references
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31072
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2139/references
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2092/references
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31482
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ26670
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:139
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30989
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2055/references
Third Party Advisory x_refsource_confirm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152
Third Party Advisory x_refsource_confirm
http://www.ipcop.org/index.php?name=News&file=article&sid=40
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31065
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31254
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/495869/100/0/threaded
Third Party Advisory x_refsource_misc
http://www.doxpara.com/?p=1176
Third Party Advisory, Vendor Advisory vendor-advisory x_refsource_netbsd
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-627-1
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0622
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020576
Third Party Advisory x_refsource_confirm
http://www.isc.org/index.pl?/sw/bind/bind-security.php
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31153
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2549
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=isg1IZ26667
Third Party Advisory x_refsource_confirm
http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31213
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31030
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-622-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31033
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020440
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
Third Party Advisory x_refsource_misc
http://www.doxpara.com/DMK_BO2K8.ppt
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1604
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31823
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31326
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2558
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6122
Third Party Advisory x_refsource_misc
http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43637
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2383
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020560
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31900
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q
Third Party Advisory x_refsource_confirm
http://support.citrix.com/article/CTX118183
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30925
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0311
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1623
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2582
Third Party Advisory x_refsource_misc
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1605
Third Party Advisory x_refsource_confirm
http://www.novell.com/support/viewContent.do?externalId=7000912
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2342
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2114/references
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30973
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31204
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31354
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200812-17.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33178
Third Party Advisory, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30988
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31011
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2334
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020577
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31422
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31197
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020548
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2467
Third Party Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-190B.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-190A.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200807-08.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31022
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020449
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31093
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31052
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30980
Third Party Advisory x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31199
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2030/references
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2291
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2023/references
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2466
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31212
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2113/references
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31152
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2019/references
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2197/references

Scores

CVSS v3 6.8
EPSS 0.9518
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Details

CWE
CWE-331
Status published
Products (3)
isc/bind 4
isc/bind 8
isc/bind 9.2.9
Published Jul 08, 2008
Tracked Since Feb 18, 2026