Lucene search
HistorySep 11, 2008 - 1:13 a.m.
CVE-2008-3630
mdnsresponder
apple
bonjour
windows
dns
spoofing
vulnerability
cve-2008-3630
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.1
Confidence
High
EPSS
0.122
Percentile
95.4%
mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Affected configurations
Node
applebonjourMatch1.0.4unknownwindows
microsoftwindows-ntMatchxpsp3
ORmicrosoftwindows_2000Match-
ORmicrosoftwindows_2003_serverMatch-
ORmicrosoftwindows_vistaMatch-
ORmicrosoftwindows_xpMatch-sp2
Related
cvelist
cvelist
prion
prion
nvd
nvd
seebug
seebug
Apple Bonjour for Windows mDNSResponder伪造DNS应答漏洞
2008-09-11 00:00:00
BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta)
2014-07-01 00:00:00
BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
2008-07-24 00:00:00
nessus
nessus
Bonjour < 1.0.5 Multiple Vulnerabilities (APPLE-SA-2009-09-09)
2008-09-18 00:00:00
openSUSE 10 Security Update : bind (bind-5410)
2008-07-15 00:00:00
openSUSE 10 Security Update : dnsmasq (dnsmasq-5512)
2008-08-15 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: bind-9.5.0-33.P1.fc9
2008-07-09 21:45:32
[SECURITY] Fedora 9 Update: dnsmasq-2.45-1.fc9
2009-02-14 22:11:22
debian
debian
[SECURITY] [DSA 1617-1] New refpolicy packages fix incompatible policy
2008-07-25 06:29:36
[SECURITY] [DSA-1619-2] New python-dns package fixes regression
2008-09-22 06:12:09
[SECURITY] [DSA-1619-2] New python-dns package fixes regression
2008-09-22 06:12:09
cve
cve
openvas
openvas
SuSE Update for bind SUSE-SA:2008:033
2009-01-23 00:00:00
Slackware: Security Advisory (SSA:2008-205-01)
2012-09-10 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-08:06.bind.asc)
2008-09-04 00:00:00
redhat
redhat
(RHSA-2008:0533) Important: bind security update
2008-07-08 00:00:00
(RHSA-2008:0789) Moderate: dnsmasq security update
2008-08-11 00:00:00
securityvulns
securityvulns
Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
2008-07-12 00:00:00
[SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing
2008-07-29 00:00:00
CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit
2008-07-25 00:00:00
freebsd
freebsd
ruby -- DNS spoofing vulnerability
2008-08-08 00:00:00
FreeBSD -- DNS cache poisoning
2008-07-08 00:00:00
exploitpack
exploitpack
BIND 9.x - Remote DNS Cache Poisoning
2008-07-25 00:00:00
BIND 9.4.1 9.4.2 - Remote DNS Cache Poisoning (Metasploit)
2008-07-23 00:00:00
BIND 9.x - Remote DNS Cache Poisoning (Python)
2008-07-24 00:00:00
oraclelinux
oraclelinux
dnsmasq security update
2008-08-11 00:00:00
bind security update
2008-07-08 00:00:00
slackware
slackware
[slackware-security] dnsmasq
2008-07-24 00:02:47
[slackware-security] bind
2008-07-10 04:29:01
[slackware-security] ruby
2008-11-29 21:37:03
checkpoint_advisories
checkpoint_advisories
osv
osv
refpolicy - incompatible policy
2008-07-25 00:00:00
bind9 - cache poisoning
2008-07-08 00:00:00
ubuntu
ubuntu
Bind vulnerability
2008-07-08 00:00:00
Dnsmasq vulnerability
2008-07-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package ruby version 1.8.7-alt6
2008-08-12 00:00:00
Security fix for the ALT Linux 6 package bind version 9.3.5-alt2
2008-06-06 00:00:00
Security fix for the ALT Linux 5 package bind version 9.3.5-alt2
2008-06-06 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-08:06.bind
2008-07-13 00:00:00
gentoo
gentoo
BIND: Cache poisoning
2008-07-11 00:00:00
mDNSResponder: Multiple vulnerabilities
2012-01-22 00:00:00
pdnsd: Denial of Service and cache poisoning
2009-01-11 00:00:00
packetstorm
packetstorm
bailiwicked_domain.rb.txt
2008-07-24 00:00:00
bind9x-poison.txt
2008-07-25 00:00:00
bailiwicked_host.rb.txt
2008-07-24 00:00:00
debiancve
debiancve
CVE-2008-1447
2008-07-08 23:41:00
CVE-2008-4100
2008-09-18 17:59:32
suse
suse
DNS cache poisoning in bind
2008-07-11 09:57:52
ubuntucve
ubuntucve
CVE-2008-1447
2008-07-08 00:00:00
CVE-2008-3905
2008-09-04 00:00:00
f5
f5
K8938 : BIND DNS cache poisoning vulnerability - CVE-2008-1447 - VU#800113
2013-03-19 00:00:00
SOL8938 - BIND DNS cache poisoning vulnerability - CVE-2008-1447 - VU#800113
2008-07-10 00:00:00
checkpoint_security
checkpoint_security
Check Point response to DNS poisoning vulnerability CVE-2008-1447
2008-07-05 21:00:00
centos
centos
bind security update
2008-07-09 01:20:56
bind, caching, selinux security update
2008-07-08 22:25:27
rubygems
rubygems
ruby -- DNS spoofing vulnerability in resolv.rb
2008-05-04 20:00:00
mskb
mskb
MS08-037: Vulnerabilities in DNS could allow spoofing
2018-04-17 19:03:20
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.1
Confidence
High
EPSS
0.122
Percentile
95.4%
Related for CVE-2008-3630