CVE-2008-3905
CVE-2008-3905
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://secunia.com/advisories/31430http://secunia.com/advisories/32165http://secunia.com/advisories/32219http://secunia.com/advisories/32255http://secunia.com/advisories/32256http://secunia.com/advisories/32371http://secunia.com/advisories/32948http://secunia.com/advisories/33178http://security.gentoo.org/glsa/glsa-200812-17.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/45935http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034