6.4
CVE-2008-4100
- EPSS 1.49%
- Veröffentlicht 18.09.2008 17:59:32
- Zuletzt bearbeitet 16.06.2026 22:57:10
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.49% | 0.708 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
http://www.openwall.com/lists/oss-security/2008/09/11/1
http://www.openwall.com/lists/oss-security/2008/09/16/4
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698
https://www.exploit-db.com/exploits/6197