6.4

CVE-2008-4126

PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099.

Data is provided by the National Vulnerability Database (NVD)
DebianPython-dns Version <= 2.3.1-4
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-1
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-2
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-3
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-4
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-5
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-5.1
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.0-6
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.1-1
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.1-2
   DebianLinux Versionunknown Updateunknown Editionetch
DebianPython-dns Version2.3.1-3
   DebianLinux Versionunknown Updateunknown Editionetch
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.71% 0.699
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:N/I:P/A:P