CVE-2008-4100
GNU adns <= 1.4 - DNS Spoofing via Predictable Transaction IDs
Title source: llmDescription
GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/11/1
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6197
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/16/4
Scores
EPSS
0.0061
EPSS Percentile
69.9%
Details
CWE
CWE-16
Status
published
Products (14)
gnu/adns
0.1
gnu/adns
0.2
gnu/adns
0.3
gnu/adns
0.4
gnu/adns
0.5
gnu/adns
0.6
gnu/adns
0.7
gnu/adns
0.8
gnu/adns
0.9
gnu/adns
1.0
... and 4 more
Published
Sep 18, 2008
Tracked Since
Feb 18, 2026