CVEs-PoC/2008/CVE-2008-1447.md

### [CVE-2008-1447](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."

### POC

#### Reference
- http://www.vmware.com/security/advisories/VMSA-2008-0014.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-037
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9627
- https://www.exploit-db.com/exploits/6122
- https://www.exploit-db.com/exploits/6123
- https://www.exploit-db.com/exploits/6130

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Liger0898/DNS-BailiWicked-Host-Attack