FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3905

This CVE name corresponds to:

Entered Topic
2008-08-16 ruby -- DoS vulnerability in WEBrick
ruby -- multiple vulnerabilities in safe level

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-3905
Phase Assigned (20080904)

Description

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

References

Source Reference
MLIST [oss-security] 20080903 CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)
MLIST [oss-security] 20080904 Re: CVE Request (ruby -- DNS spoofing vulnerability
CONFIRM http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
DEBIAN DSA-1651
DEBIAN DSA-1652
FEDORA FEDORA-2008-8736
FEDORA FEDORA-2008-8738
GENTOO GLSA-200812-17
REDHAT RHSA-2008:0897
SLACKWARE SSA:2008-334-01
UBUNTU USN-651-1
BID 31699
OVAL oval:org.mitre.oval:def:10034
VUPEN ADV-2008-2334
SECUNIA 32255
SECUNIA 32256
SECUNIA 32948
SECUNIA 33178
SECUNIA 31430
SECUNIA 32165
SECUNIA 32219
SECUNIA 32371
XF ruby-resolv-dns-spoofing(45935)