Vulnerability Description
dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| D.J.Bernstein | Djbdns | 1.05 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/33855Vendor Advisory
- http://www.securityfocus.com/bid/33818
- http://www.your.org/dnscache/PatchVendor Advisory
- http://www.your.org/dnscache/djbdns.pdfVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48807
- http://secunia.com/advisories/33855Vendor Advisory
- http://www.securityfocus.com/bid/33818
- http://www.your.org/dnscache/PatchVendor Advisory
- http://www.your.org/dnscache/djbdns.pdfVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48807
FAQ
What is CVE-2008-4392?
CVE-2008-4392 is a vulnerability with a CVSS score of 6.4 (MEDIUM). dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofe...
How severe is CVE-2008-4392?
CVE-2008-4392 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4392?
Check the references section above for vendor advisories and patch information. Affected products include: D.J.Bernstein Djbdns.