Back to search
CVE-2008-4100
Published: Sep 18, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698
x_refsource_CONFIRM
[oss-security] 20080911 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)
mailing-list
x_refsource_MLIST
6197
exploit
x_refsource_EXPLOIT-DB
[oss-security] 20080915 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now