PT-2008-5425 · Debian · Dnspython

Published

2008-09-18

Updated

2008-09-19

CVE-2008-4126

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-16

Related Identifiers

CVE-2008-4126

DSA-1619-1

Affected Products

Dnspython

PT-2008-5425 · Debian · Dnspython

CVE-2008-4126

Weakness Enumeration

Related Identifiers

Affected Products

References · 5