DNS Spoofing Risk in GNU adns Software by The GNU Project
CVE-2008-4100

Currently unrated

Key Information:

Vendor: Gnu
Status: Adns
Vendor: CVE Published:; 18 September 2008

Summary

GNU adns versions 1.4 and earlier are susceptible to a vulnerability where a fixed source port and sequential transaction IDs are used for DNS requests. This design choice allows remote attackers to easily spoof DNS responses, posing significant security risks in untrusted environments. Although the vendor states this behavior fits the product's intended use in a trusted scope, it can expose users to potential remote exploitation if used improperly.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2008/09/11/1

mailing-listx_refsource_MLIST

https://www.exploit-db.com/exploits/6197

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability published
Sep 18, 2008
Vulnerability Reserved
Sep 15, 2008