CVE-2008-4099

Published Sep 18, 2008

Last updated 16 years ago

Overview

Description: PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Source: secalert@redhat.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-16

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:debian:python-dns:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "399E0A21-71C6-43AF-9EC8-EFD8FA50CD8B",
            "versionEndIncluding": "2.3.1-3"
          },
          {
            "criteria": "cpe:2.3:a:debian:python-dns:2.3.0-1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F07B638-3E16-4A58-9380-495A21FB56FB"
          },
          {
            "criteria": "cpe:2.3:a:debian:python-dns:2.3.0-2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC6F9EC4-0F3B-415A-B518-911716059350"
          },
          {
            "criteria": "cpe:2.3:a:debian:python-dns:2.3.0-3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C75EED6D-9C9E-47C8-B411-9A15072A82D8"
          },
          {
            "criteria": "cpe:2.3:a:debian:python-dns:2.3.0-4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1FF1443-4AF9-4A90-BD01-4BD6DC9494EF"
          },
          {
            "criteria": "cpe:2.3:a:debian:python-dns:2.3.0-5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE12FBCE-B3EC-43E2-AAFE-FA0497921C47"
          },
          {
            "criteria": "cpe:2.3:a:debian:python-dns:2.3.0-5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06410162-F3CE-4E90-A9CB-6BA35117A259"
          },
          {
            "criteria": "cpe:2.3:a:debian:python-dns:2.3.0-6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F369971A-A314-4883-84DD-07F906F06145"
          },
          {
            "criteria": "cpe:2.3:a:debian:python-dns:2.3.1-1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9B62615-D57C-4567-B2A6-AD4BDE465864"
          },
          {
            "criteria": "cpe:2.3:a:debian:python-dns:2.3.1-2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34A10018-9535-4865-9FC0-0ED7EDE74691"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:debian:linux:unknown:unknown:etch:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3CFF5E16-B757-4F51-9896-EA47AEBD5A91"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References