PT-2008-6940 · Microsoft · Dns
Published: 1970-01-01 · Updated: 2020-03-24 · CVE-2008-1447
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
selinux-policy-refpolicy-targeted versions (affected versions not specified)
BIND versions prior to 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1
Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
selinux-policy-targeted-1.17.30
selinux-policy-mls-2.4.6
selinux-policy-refpolicy-dev versions (affected versions not specified)
selinux-policy-2.4.6
selinux-policy-devel-2.4.6
selinux-policy-refpolicy-strict versions (affected versions not specified)
selinux-policy-targeted-2.4.6
selinux-policy-targeted-sources-1.17.30
selinux-policy-refpolicy-src versions (affected versions not specified)
selinux-policy-strict-2.4.6
selinux-policy-refpolicy-doc versions (affected versions not specified)
Multiple Cisco products (affected versions not specified)
Description
The issue concerns multiple vulnerabilities in various software packages, including selinux-policy and DNS implementations, which can lead to disruption of data integrity and availability. These vulnerabilities can be exploited remotely. The DNS protocol vulnerability, in particular, allows remote attackers to spoof DNS traffic via a birthday attack and conduct cache poisoning against recursive resolvers, because DNS transaction IDs and source ports are insufficiently random.
Recommendations
For selinux-policy-refpolicy-targeted, update to a version that addresses the vulnerabilities.
For BIND, update to version 9.5.0-P1, 9.4.2-P1, or 9.3.5-P1 or later.
For Microsoft DNS, apply the relevant security patches for Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2.
For selinux-policy-targeted-1.17.30, selinux-policy-mls-2.4.6, selinux-policy-2.4.6, selinux-policy-devel-2.4.6, selinux-policy-targeted-2.4.6, selinux-policy-targeted-sources-1.17.30, and selinux-policy-strict-2.4.6, update to a version that addresses the vulnerabilities.
For Cisco products, apply the software updates released by Cisco.
At the moment, there is no information about a newer version that contains a fix for selinux-policy-refpolicy-dev, selinux-policy-refpolicy-strict, selinux-policy-refpolicy-src, and selinux-policy-refpolicy-doc.
Affected Products
BIND
Cisco IOS
Cisco Products
DNS
Red Hat
Windows 2000
Windows Server 2003
Windows XP
selinux-policy