Published: 18/09/2008 Updated: 19/09/2008

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

PyDNS (aka python-dns) prior to 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote malicious users to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian python-dns 2.3.0-2
debian python-dns 2.3.0-1
debian python-dns
debian python-dns 2.3.1-2
debian python-dns 2.3.1-1
debian python-dns 2.3.0-5.1
debian python-dns 2.3.0-4
debian python-dns 2.3.0-6
debian python-dns 2.3.0-5
debian python-dns 2.3.0-3

Debian Bug report logs - #490217 python-dns vulnerable to CVE-2008-1447 DNS source port guessable Package: python-dns; Maintainer for python-dns is Scott Kitterman <scott@kittermancom>; Source for python-dns is src:python-dns (PTS, buildd, popcon) Reported by: Joe Malicki <jmalicki@metacartacom> Date: Thu, 10 Jul 2 ...

CWE-16 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217 http://www.openwall.com/lists/oss-security/2008/09/16/4 http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog http://www.openwall.com/lists/oss-security/2008/09/11/1 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-4099

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect