Vulnerability Description
PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Python-Dns | <= 2.3.1-3 |
| Debian | Linux | unknown |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217Exploit
- http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/
- http://www.openwall.com/lists/oss-security/2008/09/11/1
- http://www.openwall.com/lists/oss-security/2008/09/16/4
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217Exploit
- http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/
- http://www.openwall.com/lists/oss-security/2008/09/11/1
- http://www.openwall.com/lists/oss-security/2008/09/16/4
FAQ
What is CVE-2008-4099?
CVE-2008-4099 is a vulnerability with a CVSS score of 6.4 (MEDIUM). PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a dif...
How severe is CVE-2008-4099?
CVE-2008-4099 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4099?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Python-Dns, Debian Linux.