CVE Vulnerabilities

CVE-2008-4100

Published: Sep 18, 2008 | Modified: Sep 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the products intended role in a trusted environment.

Affected Software

Name Vendor Start Version End Version
Adns Gnu 0.1 0.1
Adns Gnu 0.2 0.2
Adns Gnu 0.3 0.3
Adns Gnu 0.4 0.4
Adns Gnu 0.5 0.5
Adns Gnu 0.6 0.6
Adns Gnu 0.7 0.7
Adns Gnu 0.8 0.8
Adns Gnu 0.9 0.9
Adns Gnu 1.0 1.0
Adns Gnu 1.1 1.1
Adns Gnu 1.2 1.2
Adns Gnu 1.3 1.3
Adns Gnu * 1.4
Adns Ubuntu dapper *
Adns Ubuntu hardy *
Adns Ubuntu upstream *

References