Wind River Support Network

HomeOther DownloadsSecurity Advisory - Bind - CVE-2008-1447 (for Wind River Linux 1.5)
Recommended Type: Patch

Security Advisory - Bind - CVE-2008-1447 (for Wind River Linux 1.5)

Released: Jul 8, 2008     Updated: Jul 8, 2008


The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via certain cache poisoning techniques against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability." IDENTIFIER = WIND00126632 for 1.5

Product Version

Linux Platforms 1.x


Installation Notes

Installation Notes

  1. Unzip the patch under [install_dir]/updates

    2. Install the patch CD by entering the patch CD directory and run setup_linux.

    3. This is a source only patch so you will have to build the kernel

    4. Issue a make fs and make the kernel in a configured directory.

    5. Upload the kernel and rootfs into the target and boot it up.

Live chat