CVE-2008-4100

Currently unrated

Key Information:

Vendor: Gnu
Status: Adns
Vendor: CVE Published:; 18 September 2008

Summary

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2008/09/11/1

mailing-listx_refsource_MLIST

https://www.exploit-db.com/exploits/6197

exploitx_refsource_EXPLOIT-DB

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 18, 2008
Vulnerability Reserved
Sep 15, 2008