Vulnerabilities > CVE-2008-4126 - Configuration vulnerability in Debian Python-Dns

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

debian

CWE-16

NVD

Published: 2008-09-18

Updated: 2024-11-21

Summary

PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099.

Vulnerable Configurations

Part	Description	Count
Application	Debian Debian Python DNS * Debian Python DNS 2.3.0-1 Debian Python DNS 2.3.0-2 Debian Python DNS 2.3.0-3 Debian Python DNS 2.3.0-4 Debian Python DNS 2.3.0-5 Debian Python DNS 2.3.0-5.1 Debian Python DNS 2.3.0-6 Debian Python DNS 2.3.1-1 Debian Python DNS 2.3.1-2 Debian Python DNS 2.3.1-3 Debian Linux Unknown	12

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References