6.4

CVE-2008-3630

mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleBonjour Version1.0.4 Updateunknown Editionwindows
   MicrosoftWindows-nt Versionxp Updatesp3
   MicrosoftWindows 2000 Version-
   MicrosoftWindows 2003 Server Version-
   MicrosoftWindows Vista Version-
   MicrosoftWindows Xp Version- Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.59% 0.725
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html
Patch
http://secunia.com/advisories/31822
http://support.apple.com/kb/HT2990
http://www.vupen.com/english/advisories/2008/2524
http://www.securityfocus.com/bid/31093
http://www.securitytracker.com/id?1020844