Back to search
CVE-2008-3905
Published: Sep 4, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20080904 Re: CVE Request (ruby -- DNS spoofing vulnerability
mailing-list
x_refsource_MLIST
31430
third-party-advisory
x_refsource_SECUNIA
USN-651-1
vendor-advisory
x_refsource_UBUNTU
31699
vdb-entry
x_refsource_BID
DSA-1652
vendor-advisory
x_refsource_DEBIAN
FEDORA-2008-8736
vendor-advisory
x_refsource_FEDORA
http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
x_refsource_CONFIRM
DSA-1651
vendor-advisory
x_refsource_DEBIAN
RHSA-2008:0897
vendor-advisory
x_refsource_REDHAT
32219
third-party-advisory
x_refsource_SECUNIA
32948
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:10034
vdb-entry
signature
x_refsource_OVAL
32255
third-party-advisory
x_refsource_SECUNIA
ruby-resolv-dns-spoofing(45935)
vdb-entry
x_refsource_XF
32371
third-party-advisory
x_refsource_SECUNIA
32165
third-party-advisory
x_refsource_SECUNIA
GLSA-200812-17
vendor-advisory
x_refsource_GENTOO
33178
third-party-advisory
x_refsource_SECUNIA
ADV-2008-2334
vdb-entry
x_refsource_VUPEN
SSA:2008-334-01
vendor-advisory
x_refsource_SLACKWARE
FEDORA-2008-8738
vendor-advisory
x_refsource_FEDORA
32256
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20080903 CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now