CVE-2008-1447

EUVD-2008-1451

08.07.2008, 23:41

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
isc	bind	9.2.9

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

adns

bookworm	1.6.0-2 fixed
bullseye	1.6.0-2 fixed
sid	1.6.1-1 fixed
trixie	1.6.1-1 fixed

bind9

bookworm	1:9.18.28-1~deb12u2 fixed
bookworm (security)	1:9.18.28-1~deb12u2 fixed
bullseye	1:9.16.50-1~deb11u2 fixed
bullseye (security)	1:9.16.50-1~deb11u1 fixed
sid	1:9.20.2-1 fixed
trixie	1:9.20.2-1 fixed

dnsmasq

bookworm	2.89-1 fixed
bullseye	2.85-1 fixed
sid	2.90-4 fixed
trixie	2.90-4 fixed

dnspython

bookworm	2.3.0-1 fixed
bullseye	2.0.0-1 fixed
sid	2.6.1-1 fixed
trixie	2.6.1-1 fixed

libnet-dns-perl

bookworm	1.36-1 fixed
bullseye	1.29-1 fixed
sid	1.47-1 fixed
trixie	1.47-1 fixed

refpolicy

bookworm	2:2.20221101-9 fixed
bullseye	2:2.20210203-7 fixed
sid	2:2.20241013-1 fixed
trixie	2:2.20241013-1 fixed

udns

bookworm	0.4-1 fixed
bullseye	0.4-1 fixed
sid	0.6-1 fixed
trixie	0.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

bind9

dapper	Fixed 1:9.3.2-2ubuntu1.5 released
feisty	Fixed 1:9.3.4-2ubuntu2.3 released
gutsy	Fixed 1:9.4.1-P1-3ubuntu2 released
hardy	Fixed 1:9.4.2-10ubuntu0.1 released
intrepid	Fixed 1:9.5.0.dfsg.P1-2~build1 released
jaunty	Fixed 1:9.5.0.dfsg.P1-2~build1 released
karmic	Fixed 1:9.5.0.dfsg.P1-2~build1 released

dnsmasq

dapper	ignored
feisty	ignored
gutsy	ignored
hardy	Fixed 2.41-2ubuntu2.1 released
intrepid	Fixed 2.43-1ubuntu1 released
jaunty	Fixed 2.43-1ubuntu1 released
karmic	Fixed 2.43-1ubuntu1 released

eglibc

dapper	dne
feisty	dne
gutsy	dne
hardy	dne
intrepid	dne
jaunty	dne
karmic	not-affected

glibc

dapper	not-affected
feisty	ignored
gutsy	ignored
hardy	not-affected
intrepid	not-affected
jaunty	not-affected
karmic	dne

python-dns

dapper	Fixed 2.3.0-5ubuntu1.2 released
feisty	Fixed 2.3.0-5.1ubuntu2.2 released
gutsy	Fixed 2.3.1-1ubuntu0.2 released
hardy	Fixed 2.3.1-2ubuntu0.2 released
intrepid	not-affected
jaunty	not-affected
karmic	not-affected

Common Weakness Enumeration

CWE-331 - Insufficient Entropy
The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc

http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368

http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html

http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://marc.info/?l=bugtraq&m=121630706004256&w=2

http://marc.info/?l=bugtraq&m=121866517322103&w=2

http://marc.info/?l=bugtraq&m=123324863916385&w=2

http://marc.info/?l=bugtraq&m=141879471518471&w=2

http://rhn.redhat.com/errata/RHSA-2008-0533.html

http://secunia.com/advisories/30925

http://secunia.com/advisories/30973

http://secunia.com/advisories/30977

http://secunia.com/advisories/30979

http://secunia.com/advisories/30980

http://secunia.com/advisories/30988

http://secunia.com/advisories/30989

http://secunia.com/advisories/30998

http://secunia.com/advisories/31011

http://secunia.com/advisories/31012

http://secunia.com/advisories/31014

http://secunia.com/advisories/31019

http://secunia.com/advisories/31022

http://secunia.com/advisories/31030

http://secunia.com/advisories/31031

http://secunia.com/advisories/31033

http://secunia.com/advisories/31052

http://secunia.com/advisories/31065

http://secunia.com/advisories/31072

http://secunia.com/advisories/31093

http://secunia.com/advisories/31094

http://secunia.com/advisories/31137

http://secunia.com/advisories/31143

http://secunia.com/advisories/31151

http://secunia.com/advisories/31152

http://secunia.com/advisories/31153

http://secunia.com/advisories/31169

http://secunia.com/advisories/31197

http://secunia.com/advisories/31199

http://secunia.com/advisories/31204

http://secunia.com/advisories/31207

http://secunia.com/advisories/31209

http://secunia.com/advisories/31212

http://secunia.com/advisories/31213

http://secunia.com/advisories/31221

http://secunia.com/advisories/31236

http://secunia.com/advisories/31237

http://secunia.com/advisories/31254

http://secunia.com/advisories/31326

http://secunia.com/advisories/31354

http://secunia.com/advisories/31422

http://secunia.com/advisories/31430

http://secunia.com/advisories/31451

http://secunia.com/advisories/31482

http://secunia.com/advisories/31495

http://secunia.com/advisories/31588

http://secunia.com/advisories/31687

http://secunia.com/advisories/31823

http://secunia.com/advisories/31882

http://secunia.com/advisories/31900

http://secunia.com/advisories/33178

http://secunia.com/advisories/33714

http://secunia.com/advisories/33786

http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc

http://security.gentoo.org/glsa/glsa-200807-08.xml

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1

http://support.apple.com/kb/HT3026

http://support.apple.com/kb/HT3129

http://support.citrix.com/article/CTX117991

http://support.citrix.com/article/CTX118183

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152

http://up2date.astaro.com/2008/08/up2date_7202_released.html

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018

http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning

http://www.caughq.org/exploits/CAU-EX-2008-0002.txt

http://www.caughq.org/exploits/CAU-EX-2008-0003.txt

http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml

http://www.debian.org/security/2008/dsa-1603

http://www.debian.org/security/2008/dsa-1604

http://www.debian.org/security/2008/dsa-1605

http://www.debian.org/security/2008/dsa-1619

http://www.debian.org/security/2008/dsa-1623

http://www.doxpara.com/?p=1176

http://www.doxpara.com/DMK_BO2K8.ppt

http://www.ibm.com/support/docview.wss?uid=isg1IZ26667

http://www.ibm.com/support/docview.wss?uid=isg1IZ26668

http://www.ibm.com/support/docview.wss?uid=isg1IZ26669

http://www.ibm.com/support/docview.wss?uid=isg1IZ26670

http://www.ibm.com/support/docview.wss?uid=isg1IZ26671

http://www.ibm.com/support/docview.wss?uid=isg1IZ26672

http://www.ipcop.org/index.php?name=News&file=article&sid=40

http://www.isc.org/index.pl?/sw/bind/bind-security.php

http://www.kb.cert.org/vuls/id/800113

http://www.kb.cert.org/vuls/id/MIMG-7DWR4J

http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q

http://www.mandriva.com/security/advisories?name=MDVSA-2008:139

http://www.nominum.com/asset_upload_file741_2661.pdf

http://www.novell.com/support/viewContent.do?externalId=7000912

http://www.openbsd.org/errata42.html#013_bind

http://www.openbsd.org/errata43.html#004_bind

http://www.phys.uu.nl/~rombouts/pdnsd.html

http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog

http://www.redhat.com/support/errata/RHSA-2008-0789.html

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html

http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

http://www.securityfocus.com/archive/1/495289/100/0/threaded

http://www.securityfocus.com/archive/1/495869/100/0/threaded

http://www.securityfocus.com/bid/30131

http://www.securitytracker.com/id?1020437

http://www.securitytracker.com/id?1020438

http://www.securitytracker.com/id?1020440

http://www.securitytracker.com/id?1020448

http://www.securitytracker.com/id?1020449

http://www.securitytracker.com/id?1020548

http://www.securitytracker.com/id?1020558

http://www.securitytracker.com/id?1020560

http://www.securitytracker.com/id?1020561

http://www.securitytracker.com/id?1020575

http://www.securitytracker.com/id?1020576

http://www.securitytracker.com/id?1020577

http://www.securitytracker.com/id?1020578

http://www.securitytracker.com/id?1020579

http://www.securitytracker.com/id?1020651

http://www.securitytracker.com/id?1020653

http://www.securitytracker.com/id?1020702

http://www.securitytracker.com/id?1020802

http://www.securitytracker.com/id?1020804

http://www.ubuntu.com/usn/usn-622-1

http://www.ubuntu.com/usn/usn-627-1

http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html

http://www.us-cert.gov/cas/techalerts/TA08-190A.html

http://www.us-cert.gov/cas/techalerts/TA08-190B.html

http://www.us-cert.gov/cas/techalerts/TA08-260A.html

http://www.vmware.com/security/advisories/VMSA-2008-0014.html

http://www.vupen.com/english/advisories/2008/2019/references

http://www.vupen.com/english/advisories/2008/2023/references

http://www.vupen.com/english/advisories/2008/2025/references

http://www.vupen.com/english/advisories/2008/2029/references

http://www.vupen.com/english/advisories/2008/2030/references

http://www.vupen.com/english/advisories/2008/2050/references

http://www.vupen.com/english/advisories/2008/2051/references

http://www.vupen.com/english/advisories/2008/2052/references

http://www.vupen.com/english/advisories/2008/2055/references

http://www.vupen.com/english/advisories/2008/2092/references

http://www.vupen.com/english/advisories/2008/2113/references

http://www.vupen.com/english/advisories/2008/2114/references

http://www.vupen.com/english/advisories/2008/2123/references

http://www.vupen.com/english/advisories/2008/2139/references

http://www.vupen.com/english/advisories/2008/2166/references

http://www.vupen.com/english/advisories/2008/2195/references

http://www.vupen.com/english/advisories/2008/2196/references

http://www.vupen.com/english/advisories/2008/2197/references

http://www.vupen.com/english/advisories/2008/2268

http://www.vupen.com/english/advisories/2008/2291

http://www.vupen.com/english/advisories/2008/2334

http://www.vupen.com/english/advisories/2008/2342

http://www.vupen.com/english/advisories/2008/2377

http://www.vupen.com/english/advisories/2008/2383

http://www.vupen.com/english/advisories/2008/2384

http://www.vupen.com/english/advisories/2008/2466

http://www.vupen.com/english/advisories/2008/2467

http://www.vupen.com/english/advisories/2008/2482

http://www.vupen.com/english/advisories/2008/2525

http://www.vupen.com/english/advisories/2008/2549

http://www.vupen.com/english/advisories/2008/2558

http://www.vupen.com/english/advisories/2008/2582

http://www.vupen.com/english/advisories/2008/2584

http://www.vupen.com/english/advisories/2009/0297

http://www.vupen.com/english/advisories/2009/0311

http://www.vupen.com/english/advisories/2010/0622

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037

https://exchange.xforce.ibmcloud.com/vulnerabilities/43334

https://exchange.xforce.ibmcloud.com/vulnerabilities/43637

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627

https://www.exploit-db.com/exploits/6122

https://www.exploit-db.com/exploits/6123

https://www.exploit-db.com/exploits/6130

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc

http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01523520

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01662368

http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html

http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://marc.info/?l=bugtraq&m=121630706004256&w=2

http://marc.info/?l=bugtraq&m=121866517322103&w=2

http://marc.info/?l=bugtraq&m=123324863916385&w=2

http://marc.info/?l=bugtraq&m=141879471518471&w=2

http://rhn.redhat.com/errata/RHSA-2008-0533.html

http://secunia.com/advisories/30925

http://secunia.com/advisories/30973

http://secunia.com/advisories/30977

http://secunia.com/advisories/30979

http://secunia.com/advisories/30980

http://secunia.com/advisories/30988

http://secunia.com/advisories/30989

http://secunia.com/advisories/30998

http://secunia.com/advisories/31011

http://secunia.com/advisories/31012

http://secunia.com/advisories/31014

http://secunia.com/advisories/31019

http://secunia.com/advisories/31022

http://secunia.com/advisories/31030

http://secunia.com/advisories/31031

http://secunia.com/advisories/31033

http://secunia.com/advisories/31052

http://secunia.com/advisories/31065

http://secunia.com/advisories/31072

http://secunia.com/advisories/31093

http://secunia.com/advisories/31094

http://secunia.com/advisories/31137

http://secunia.com/advisories/31143

http://secunia.com/advisories/31151

http://secunia.com/advisories/31152

http://secunia.com/advisories/31153

http://secunia.com/advisories/31169

http://secunia.com/advisories/31197

http://secunia.com/advisories/31199

http://secunia.com/advisories/31204

http://secunia.com/advisories/31207

http://secunia.com/advisories/31209

http://secunia.com/advisories/31212

http://secunia.com/advisories/31213

http://secunia.com/advisories/31221

http://secunia.com/advisories/31236

http://secunia.com/advisories/31237

http://secunia.com/advisories/31254

http://secunia.com/advisories/31326

http://secunia.com/advisories/31354

http://secunia.com/advisories/31422

http://secunia.com/advisories/31430

http://secunia.com/advisories/31451

http://secunia.com/advisories/31482

http://secunia.com/advisories/31495

http://secunia.com/advisories/31588

http://secunia.com/advisories/31687

http://secunia.com/advisories/31823

http://secunia.com/advisories/31882

http://secunia.com/advisories/31900

http://secunia.com/advisories/33178

http://secunia.com/advisories/33714

http://secunia.com/advisories/33786

http://security.freebsd.org/advisories/FreeBSD-SA-08:06.bind.asc

http://security.gentoo.org/glsa/glsa-200807-08.xml

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.452680

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.539239

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239392-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-240048-1

http://support.apple.com/kb/HT3026

http://support.apple.com/kb/HT3129

http://support.citrix.com/article/CTX117991

http://support.citrix.com/article/CTX118183

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=762152

http://up2date.astaro.com/2008/08/up2date_7202_released.html

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0231

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018

http://www.bluecoat.com/support/security-advisories/dns_cache_poisoning

http://www.caughq.org/exploits/CAU-EX-2008-0002.txt

http://www.caughq.org/exploits/CAU-EX-2008-0003.txt

http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml

http://www.debian.org/security/2008/dsa-1603

http://www.debian.org/security/2008/dsa-1604

http://www.debian.org/security/2008/dsa-1605

http://www.debian.org/security/2008/dsa-1619

http://www.debian.org/security/2008/dsa-1623

http://www.doxpara.com/?p=1176

http://www.doxpara.com/DMK_BO2K8.ppt

http://www.ibm.com/support/docview.wss?uid=isg1IZ26667

http://www.ibm.com/support/docview.wss?uid=isg1IZ26668

http://www.ibm.com/support/docview.wss?uid=isg1IZ26669

http://www.ibm.com/support/docview.wss?uid=isg1IZ26670

http://www.ibm.com/support/docview.wss?uid=isg1IZ26671

http://www.ibm.com/support/docview.wss?uid=isg1IZ26672

http://www.ipcop.org/index.php?name=News&file=article&sid=40

http://www.isc.org/index.pl?/sw/bind/bind-security.php

http://www.kb.cert.org/vuls/id/800113

http://www.kb.cert.org/vuls/id/MIMG-7DWR4J

http://www.kb.cert.org/vuls/id/MIMG-7ECL8Q

http://www.mandriva.com/security/advisories?name=MDVSA-2008:139

http://www.nominum.com/asset_upload_file741_2661.pdf

http://www.novell.com/support/viewContent.do?externalId=7000912

http://www.openbsd.org/errata42.html#013_bind

http://www.openbsd.org/errata43.html#004_bind

http://www.phys.uu.nl/~rombouts/pdnsd.html

http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog

http://www.redhat.com/support/errata/RHSA-2008-0789.html

http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/VU800113.html

http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

http://www.securityfocus.com/archive/1/495289/100/0/threaded

http://www.securityfocus.com/archive/1/495869/100/0/threaded

http://www.securityfocus.com/bid/30131

http://www.securitytracker.com/id?1020437

http://www.securitytracker.com/id?1020438

http://www.securitytracker.com/id?1020440

http://www.securitytracker.com/id?1020448

http://www.securitytracker.com/id?1020449

http://www.securitytracker.com/id?1020548

http://www.securitytracker.com/id?1020558

http://www.securitytracker.com/id?1020560

http://www.securitytracker.com/id?1020561

http://www.securitytracker.com/id?1020575

http://www.securitytracker.com/id?1020576

http://www.securitytracker.com/id?1020577

http://www.securitytracker.com/id?1020578

http://www.securitytracker.com/id?1020579

http://www.securitytracker.com/id?1020651

http://www.securitytracker.com/id?1020653

http://www.securitytracker.com/id?1020702

http://www.securitytracker.com/id?1020802

http://www.securitytracker.com/id?1020804

http://www.ubuntu.com/usn/usn-622-1

http://www.ubuntu.com/usn/usn-627-1

http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html

http://www.us-cert.gov/cas/techalerts/TA08-190A.html

http://www.us-cert.gov/cas/techalerts/TA08-190B.html

http://www.us-cert.gov/cas/techalerts/TA08-260A.html

http://www.vmware.com/security/advisories/VMSA-2008-0014.html

http://www.vupen.com/english/advisories/2008/2019/references

http://www.vupen.com/english/advisories/2008/2023/references

http://www.vupen.com/english/advisories/2008/2025/references

http://www.vupen.com/english/advisories/2008/2029/references

http://www.vupen.com/english/advisories/2008/2030/references

http://www.vupen.com/english/advisories/2008/2050/references

http://www.vupen.com/english/advisories/2008/2051/references

http://www.vupen.com/english/advisories/2008/2052/references

http://www.vupen.com/english/advisories/2008/2055/references

http://www.vupen.com/english/advisories/2008/2092/references

http://www.vupen.com/english/advisories/2008/2113/references

http://www.vupen.com/english/advisories/2008/2114/references

http://www.vupen.com/english/advisories/2008/2123/references

http://www.vupen.com/english/advisories/2008/2139/references

http://www.vupen.com/english/advisories/2008/2166/references

http://www.vupen.com/english/advisories/2008/2195/references

http://www.vupen.com/english/advisories/2008/2196/references

http://www.vupen.com/english/advisories/2008/2197/references

http://www.vupen.com/english/advisories/2008/2268

http://www.vupen.com/english/advisories/2008/2291

http://www.vupen.com/english/advisories/2008/2334

http://www.vupen.com/english/advisories/2008/2342

http://www.vupen.com/english/advisories/2008/2377

http://www.vupen.com/english/advisories/2008/2383

http://www.vupen.com/english/advisories/2008/2384

http://www.vupen.com/english/advisories/2008/2466

http://www.vupen.com/english/advisories/2008/2467

http://www.vupen.com/english/advisories/2008/2482

http://www.vupen.com/english/advisories/2008/2525

http://www.vupen.com/english/advisories/2008/2549

http://www.vupen.com/english/advisories/2008/2558

http://www.vupen.com/english/advisories/2008/2582

http://www.vupen.com/english/advisories/2008/2584

http://www.vupen.com/english/advisories/2009/0297

http://www.vupen.com/english/advisories/2009/0311

http://www.vupen.com/english/advisories/2010/0622

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037

https://exchange.xforce.ibmcloud.com/vulnerabilities/43334

https://exchange.xforce.ibmcloud.com/vulnerabilities/43637

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12117

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5725

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5761

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5917

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627

https://www.exploit-db.com/exploits/6122

https://www.exploit-db.com/exploits/6123

https://www.exploit-db.com/exploits/6130

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html