Published: 18/09/2008 Updated: 07/11/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

GNU adns 1.4 and previous versions uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote malicious users to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu adns 0.5
gnu adns 0.9
gnu adns
gnu adns 1.0
gnu adns 0.8
gnu adns 0.2
gnu adns 0.6
gnu adns 1.3
gnu adns 1.2
gnu adns 0.3
gnu adns 1.1
gnu adns 0.4
gnu adns 0.1
gnu adns 0.7

Debian Bug report logs - #492698 appears to be vulnerable to cache poisoning attack CVE-2008-1447 Package: adns; Maintainer for adns is Ian Jackson <ijackson@chiarkgreenendorguk>; Reported by: Thijs Kinkhorst <thijs@debianorg> Date: Mon, 28 Jul 2008 09:48:19 UTC Severity: serious Tags: security Found in version ...

CWE-16 http://www.openwall.com/lists/oss-security/2008/09/11/1 http://www.openwall.com/lists/oss-security/2008/09/16/4 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698 https://www.exploit-db.com/exploits/6197 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-4100

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect