Lucene search

K
cve[email protected]CVE-2008-4392
HistoryFeb 19, 2009 - 4:30 p.m.

CVE-2008-4392

2009-02-1916:30:00
CWE-362
web.nvd.nist.gov
22
3
cve-2008-4392
dnscache
daniel j. bernstein
djbdns
spoofed dns
nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.2%

dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.

Affected configurations

NVD
Node
d.j.bernsteindjbdnsMatch1.05

Social References

More

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.2%