PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Python-dns | Debian | * | 2.3.1-3 (including) |
Python-dns | Debian | 2.3.0-1 (including) | 2.3.0-1 (including) |
Python-dns | Debian | 2.3.0-2 (including) | 2.3.0-2 (including) |
Python-dns | Debian | 2.3.0-3 (including) | 2.3.0-3 (including) |
Python-dns | Debian | 2.3.0-4 (including) | 2.3.0-4 (including) |
Python-dns | Debian | 2.3.0-5 (including) | 2.3.0-5 (including) |
Python-dns | Debian | 2.3.0-5.1 (including) | 2.3.0-5.1 (including) |
Python-dns | Debian | 2.3.0-6 (including) | 2.3.0-6 (including) |
Python-dns | Debian | 2.3.1-1 (including) | 2.3.1-1 (including) |
Python-dns | Debian | 2.3.1-2 (including) | 2.3.1-2 (including) |