CVE-2008-4100

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2008-4100

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-4100.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2008-4100

Downstream

DEBIAN-CVE-2008-4100

Published

2008-09-18T17:59:32Z

Modified

2026-04-10T03:40:08.618832Z

Summary

[none]

Details

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698
http://www.openwall.com/lists/oss-security/2008/09/11/1
http://www.openwall.com/lists/oss-security/2008/09/16/4
https://www.exploit-db.com/exploits/6197

CVE-2008-4100

Affected packages