CVE-2008-3905

NameCVE-2008-3905
Descriptionresolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1651-1, DSA-1652-1
Debian Bugs498977, 498978

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby1.8sourceetch1.8.5-4etch3DSA-1651-1
ruby1.8source(unstable)1.8.7.72-1498978
ruby1.9sourceetch1.9.0+20060609-1etch3DSA-1652-1
ruby1.9source(unstable)1.9.0.2-6498977

Search for package or bug name: Reporting problems