Vulnerabilities > CVE-2008-4100 - Configuration vulnerability in GNU Adns

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

gnu

CWE-16

exploit available

NVD

Published: 2008-09-18

Updated: 2023-11-07

Summary

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Adns 0.5 GNU Adns 0.9 GNU Adns * GNU Adns 1.0 GNU Adns 0.8 GNU Adns 0.2 GNU Adns 0.6 GNU Adns 1.3 GNU Adns 1.2 GNU Adns 0.3 GNU Adns 1.1 GNU Adns 0.4 GNU Adns 0.1 GNU Adns 0.7	14

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Exploit-Db

id	EDB-ID:6197

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References