PT-2008-6899 · Ruby+1 · Libruby1.9-Dbg+4
Jan Lieskovsky · Published 1970-01-01 · Updated 2018-10-03
CVE-2008-3905
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
libruby1.9 versions 1.9 and earlier
libruby1.9-dbg versions 1.9 and earlier
ri1.9 versions 1.9 and earlier
Ruby versions 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier
Description
The issue affects the availability of protected information and can be exploited remotely. The vulnerability in Ruby's resolv.rb module allows remote attackers to spoof DNS responses due to the use of sequential transaction IDs and constant source ports for DNS requests.
Recommendations
For libruby1.9 versions 1.9 and earlier, consider updating to a newer version to mitigate the risk.
For libruby1.9-dbg versions 1.9 and earlier, consider updating to a newer version to mitigate the risk.
For ri1.9 versions 1.9 and earlier, consider updating to a newer version to mitigate the risk.
For Ruby versions 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier, update to Ruby 1.8.6-p287, 1.8.7-p72, or a later version to resolve the issue.
Improper Authentication
Affected Products
Red Hat
Ruby
Libruby1.9
Libruby1.9-Dbg
Ri1.9