CVE-2008-4392

Sažetak

dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.

Reference

http://secunia.com/advisories/33855
http://www.securityfocus.com/bid/33818
http://www.your.org/dnscache/
http://www.your.org/dnscache/djbdns.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48807

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

08-08-2017 - 01:32

Objavljeno

19-02-2009 - 16:30