DNS Spoofing Vulnerability in PyDNS Product by Debian
CVE-2008-4099

Currently unrated

Key Information:

Vendor: Debian
Status: Python-dns
Vendor: CVE Published:; 18 September 2008

Summary

The vulnerability in PyDNS affects versions before 2.3.1-4 on Debian GNU/Linux, as it fails to implement the use of random source ports and transaction IDs for DNS requests. This oversight allows remote attackers to more easily spoof DNS responses, posing significant risks to the integrity of network communications and potentially leading to malicious activities such as phishing or man-in-the-middle attacks.

References

http://packages.debian.org/changelogs/pool/main/p/python-...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2008/09/11/1

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2008/09/16/4

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Sep 18, 2008
Vulnerability Reserved
Sep 15, 2008