1. Home
  2. Vulnerabilities
  3. CVE-2008-3905

CVE-2008-3905

CVSS v2.0 5.8 (Medium)
58% Progress
EPSS 0.99 % (84th)
0.99% Progress
Affected Products 1
Advisories 7
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Weaknesses
CWE-287
Improper Authentication
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2008-09-04 17:41:00
(16 years ago)
Updated Date
2018-10-03 21:55:58
(6 years ago)

Affected Products

Ruby-lang

Configuration #1

    CPE23 From Up To
  Ruby-lang Ruby 1.8.5 and prior versions cpe:2.3:a:ruby-lang:ruby <= 1.8.5
  Ruby-lang Ruby P286 1.8.6 and prior versions cpe:2.3:a:ruby-lang:ruby::p286 <= 1.8.6
  Ruby-lang Ruby P71 1.8.7 and prior versions cpe:2.3:a:ruby-lang:ruby::p71 <= 1.8.7
  Ruby-lang Ruby R18423 1.9 and prior versions cpe:2.3:a:ruby-lang:ruby::r18423 <= 1.9
  Ruby-lang Ruby 1.6 cpe:2.3:a:ruby-lang:ruby:1.6
  Ruby-lang Ruby 1.6.8 cpe:2.3:a:ruby-lang:ruby:1.6.8
  Ruby-lang Ruby 1.8.0 cpe:2.3:a:ruby-lang:ruby:1.8.0
  Ruby-lang Ruby 1.8.1 cpe:2.3:a:ruby-lang:ruby:1.8.1
  Ruby-lang Ruby 1.8.2 cpe:2.3:a:ruby-lang:ruby:1.8.2
  Ruby-lang Ruby 1.8.3 cpe:2.3:a:ruby-lang:ruby:1.8.3
  Ruby-lang Ruby 1.8.4 cpe:2.3:a:ruby-lang:ruby:1.8.4
  Ruby-lang Ruby 1.8.6 cpe:2.3:a:ruby-lang:ruby:1.8.6
  Ruby-lang Ruby 1.8.6 P110 cpe:2.3:a:ruby-lang:ruby:1.8.6:p110
  Ruby-lang Ruby 1.8.6 P111 cpe:2.3:a:ruby-lang:ruby:1.8.6:p111
  Ruby-lang Ruby 1.8.6 P114 cpe:2.3:a:ruby-lang:ruby:1.8.6:p114
  Ruby-lang Ruby 1.8.6 P230 cpe:2.3:a:ruby-lang:ruby:1.8.6:p230
  Ruby-lang Ruby 1.8.6 P36 cpe:2.3:a:ruby-lang:ruby:1.8.6:p36
  Ruby-lang Ruby 1.8.6 Preview1 cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1
  Ruby-lang Ruby 1.8.6 Preview2 cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2
  Ruby-lang Ruby 1.8.6 Preview3 cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3
  Ruby-lang Ruby 1.8.7 cpe:2.3:a:ruby-lang:ruby:1.8.7
  Ruby-lang Ruby 1.8.7 P17 cpe:2.3:a:ruby-lang:ruby:1.8.7:p17
  Ruby-lang Ruby 1.8.7 P22 cpe:2.3:a:ruby-lang:ruby:1.8.7:p22
  Ruby-lang Ruby 1.8.7 Preview1 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1
  Ruby-lang Ruby 1.8.7 Preview2 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2
  Ruby-lang Ruby 1.8.7 Preview3 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3
  Ruby-lang Ruby 1.8.7 Preview4 cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4