Vulnerability Details CVE-2008-4392
dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.4%
CVSS Severity
CVSS v2 Score 6.4
References
- http://secunia.com/advisories/33855
- http://www.securityfocus.com/bid/33818
- http://www.your.org/dnscache/
- http://www.your.org/dnscache/djbdns.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48807
- http://secunia.com/advisories/33855
- http://www.securityfocus.com/bid/33818
- http://www.your.org/dnscache/
- http://www.your.org/dnscache/djbdns.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48807
Products affected by CVE-2008-4392
-
cpe:2.3:a:d.j.bernstein:djbdns:1.05