CVE-2008-3905
CVE-2008-3905 is a vulnerability of currently unknown severity. EPSS estimates a 2.42% chance of exploitation in the next 30 days.
Description
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ruby-Lang | Ruby | <= 1.8.5 | — |
| Ruby-Lang | Ruby | <= 1.8.6 | P286 |
| Ruby-Lang | Ruby | <= 1.8.7 | P71 |
| Ruby-Lang | Ruby | <= 1.9 | R18423 |
| Ruby-Lang | Ruby | 1.6 | — |
| Ruby-Lang | Ruby | 1.6.8 | — |
| Ruby-Lang | Ruby | 1.8.0 | — |
| Ruby-Lang | Ruby | 1.8.1 | — |
| Ruby-Lang | Ruby | 1.8.2 | — |
| Ruby-Lang | Ruby | 1.8.3 | — |
| Ruby-Lang | Ruby | 1.8.4 | — |
| Ruby-Lang | Ruby | 1.8.6 | — |
| Ruby-Lang | Ruby | 1.8.7 | — |
Source: NVD / NIST
