CVE-2008-3630

Sažetak

mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Reference

http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html
http://secunia.com/advisories/31822
http://support.apple.com/kb/HT2990
http://www.securityfocus.com/bid/31093
http://www.securitytracker.com/id?1020844
http://www.vupen.com/english/advisories/2008/2524

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

30-10-2018 - 16:25

Objavljeno

11-09-2008 - 01:13