Lucene search

K
cve[email protected]CVE-2008-3630
HistorySep 11, 2008 - 1:13 a.m.

CVE-2008-3630

2008-09-1101:13:09
web.nvd.nist.gov
77
mdnsresponder
apple
bonjour
windows
dns
spoofing
vulnerability
cve-2008-3630

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.1 Medium

AI Score

Confidence

High

0.133 Low

EPSS

Percentile

95.6%

mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Affected configurations

NVD
Node
applebonjourMatch1.0.4unknownwindows
AND
microsoftwindows-ntMatchxpsp3
OR
microsoftwindows_2000Match-
OR
microsoftwindows_2003_serverMatch-
OR
microsoftwindows_vistaMatch-
OR
microsoftwindows_xpMatch-sp2
CPENameOperatorVersion
apple:bonjourapple bonjoureq1.0.4

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.1 Medium

AI Score

Confidence

High

0.133 Low

EPSS

Percentile

95.6%