Lucene search

[email protected]CVE-2008-4392

HistoryFeb 19, 2009 - 4:30 p.m.

CVE-2008-4392

2009-02-1916:30:00

CWE-362

[email protected]

web.nvd.nist.gov

cve-2008-4392

dnscache

daniel j. bernstein

djbdns

spoofed dns

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.2%

JSON

dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.

Affected configurations

NVD

Node

d.j.bernsteindjbdnsMatch1.05

CPENameOperatorVersion
d.j.bernstein:djbdnsd.j.bernstein djbdnseq1.05

CPE	Name	Operator	Version
d.j.bernstein:djbdns	d.j.bernstein djbdns	eq	1.05

References

secunia.com/advisories/33855

www.securityfocus.com/bid/33818

www.your.org/dnscache/

www.your.org/dnscache/djbdns.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/48807

Social References

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.2%

JSON

Related for CVE-2008-4392

openvas4 ubuntucve1 nessus3 prion1 fedora3 seebug1 cvelist1 nvd1 debiancve1