Description

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Remediation

References

CVE-2008-3905

Related Vulnerabilities

TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-31046)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-40316)

WordPress Plugin Form Vibes-Database Manager for Forms SQL Injection (1.4.5)

PostgreSQL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2017-14798)

WordPress Plugin WP Business Directory Cross-Site Scripting (1.0.5)

Severity

Medium

Classification

CVE-2008-3905 CWE-287

Tags

Missing Update Known Vulnerabilities