Lucene search

K
cve[email protected]CVE-2008-4392
HistoryFeb 19, 2009 - 4:30 p.m.

CVE-2008-4392

2009-02-1916:30:00
CWE-362
web.nvd.nist.gov
22
3
cve-2008-4392
dnscache
daniel j. bernstein
djbdns
spoofed dns
nvd

6.3 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.006 Low

EPSS

Percentile

78.2%

dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.

Affected configurations

NVD
Node
d.j.bernsteindjbdnsMatch1.05

Social References

More

6.3 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.006 Low

EPSS

Percentile

78.2%