6.4

CVE-2008-4099

Exploit

PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Data is provided by the National Vulnerability Database (NVD)
DebianPython-dns Version <= 2.3.1-3
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-1
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-2
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-3
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-4
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-5
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-5.1
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-6
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.1-1
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.1-2
   DebianLinux Versionunknown Updateunknown Editionetch
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.72% 0.702
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P