Oval Definition:oval:org.mitre.oval:def:5725
Revision Date:2011-11-14
Version:44
Title:DNS Insufficient Socket Entropy Vulnerability
Description:The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations, allows remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
Family:windows
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2008-1447
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP
Product(s):
Definition Synopsis
  • Win 2K SP4 and vulnerable version of file
      • Microsoft Windows 2000 SP4 or later is installed
      • AND Check for vulnerable version of server or client file
          • dnsapi.dll version is less than 5.0.2195.7280
          • OR Dns.exe version is less than 5.0.2195.7162
  • OR Win XP SP2 X86 and vulnerable version of client file
      • Microsoft Windows XP (x86) SP2 is installed
      • AND dnsapi.dll version is less than 5.1.2600.3394
  • OR Win XP SP3 X86 and vulnerable version of client file
      • Microsoft Windows XP (x86) SP3 is installed
      • AND dnsapi.dll version is less than 5.1.2600.5625
  • OR Win XP X64 SP1 and vulnerable version of client file
      • Microsoft Windows XP Professional x64 Edition SP1 is installed
      • AND dnsapi.dll version is less than 5.2.3790.3161
  • OR Win XP X64 and vulnerable version of client file
      • Microsoft Windows XP x64 Edition SP2 is installed
      • AND dnsapi.dll version is less than 5.2.3790.4318
  • OR Win 2k3 SP1 and vulnerable version of client or server file
      • Win 2K3 SP1 (X86/X64/IA64)
          • Microsoft Windows Server 2003 SP1 (x86) is installed
          • OR Microsoft Windows Server 2003 (x64) is installed
          • OR Microsoft Windows Server 2003 SP1 for Itanium is installed
      • AND Check for vulnerable version of client or server file
          • dnsapi.dll version is less than 5.2.3790.3161
          • OR dns.exe version is less than 5.2.3790.3161
  • OR Win 2k3 SP2 and vulnerable version of client or server file
      • Win 2K3 SP2 (X86/X64/IA64)
          • Microsoft Windows Server 2003 SP2 (x86) is installed
          • OR Microsoft Windows Server 2003 SP2 (x64) is installed
          • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
      • AND Check for vulnerable version of client or server file
          • dnsapi.dll version is less than 5.2.3790.4318
          • OR dns.exe version is less than 5.2.3790.4318