Skip to main content

Configuration

CVE-2008-4126

Severity Medium
Score 6.4/10

Summary

PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • NONE
  • PARTIAL

CWE-16 - Configuration

Weaknesses in this category are typically introduced during the configuration of the software.

References

Advisory Timeline

  • Published