6.4

CVE-2008-4126

PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianPython-dns Version <= 2.3.1-4
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-1
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-2
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-3
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-4
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-5
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-5.1
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-6
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.1-1
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.1-2
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.1-3
   DebianLinux Versionunknown Updateunknown Editionetch
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.71% 0.699
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P