Description

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Remediation

References

CVE-2008-3905

Related Vulnerabilities

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4954)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2202)

WordPress Plugin Product Catalog Multiple Vulnerabilities (3.1.2)

WordPress Plugin MAZ Loader-Preloader Builder for WordPress SQL Injection (1.3.2)

Oracle Database Server CVE-2011-0793 Vulnerability (CVE-2011-0793)

Severity

Medium

Classification

CVE-2008-3905 CWE-287

Tags

Missing Update Known Vulnerabilities