CVE-2008-4100

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.  NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
gnuadns
𝑥
≤ 1.4
gnuadns
0.1
gnuadns
0.2
gnuadns
0.3
gnuadns
0.4
gnuadns
0.5
gnuadns
0.6
gnuadns
0.7
gnuadns
0.8
gnuadns
0.9
gnuadns
1.0
gnuadns
1.1
gnuadns
1.2
gnuadns
1.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
adns
bookworm
1.6.0-2
fixed
bullseye
1.6.0-2
fixed
sid
1.6.1-1
fixed
trixie
1.6.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adns
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
ignored
gutsy
ignored
feisty
ignored
dapper
ignored
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698
http://www.openwall.com/lists/oss-security/2008/09/11/1
http://www.openwall.com/lists/oss-security/2008/09/16/4
https://www.exploit-db.com/exploits/6197
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698
http://www.openwall.com/lists/oss-security/2008/09/11/1
http://www.openwall.com/lists/oss-security/2008/09/16/4
https://www.exploit-db.com/exploits/6197