CVE-2008-3630
Severity Score
6.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
mDNSResponder en Apple Bonjour para Windows anterior a 1.0.5, cuando una aplicaciĆ³n usa la API Bonjour para DNS unicast, no escoge valores aleatorios para las transacciones IDs u origen de puertos en las peticiones DNS, lo que facilita a atacantes remotos falsear las respuestas DNS. Vulnerabilidad distinta de CVE-2008-1447.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-08-12 CVE Reserved
- 2008-09-10 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/31822 | Third Party Advisory | |
| http://support.apple.com/kb/HT2990 | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/31093 | Vdb Entry | |
| http://www.securitytracker.com/id?1020844 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/2524 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html | 2018-10-30 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Bonjour Search vendor "Apple" for product "Bonjour" | 1.0.4 Search vendor "Apple" for product "Bonjour" and version "1.0.4" | unknown, windows |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows-nt Search vendor "Microsoft" for product "Windows-nt" | xp Search vendor "Microsoft" for product "Windows-nt" and version "xp" | sp3 |
Safe
|
| Apple Search vendor "Apple" | Bonjour Search vendor "Apple" for product "Bonjour" | 1.0.4 Search vendor "Apple" for product "Bonjour" and version "1.0.4" | unknown, windows |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | - | - |
Safe
|
| Apple Search vendor "Apple" | Bonjour Search vendor "Apple" for product "Bonjour" | 1.0.4 Search vendor "Apple" for product "Bonjour" and version "1.0.4" | unknown, windows |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server" | - | - |
Safe
|
| Apple Search vendor "Apple" | Bonjour Search vendor "Apple" for product "Bonjour" | 1.0.4 Search vendor "Apple" for product "Bonjour" and version "1.0.4" | unknown, windows |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Vista Search vendor "Microsoft" for product "Windows Vista" | - | - |
Safe
|
| Apple Search vendor "Apple" | Bonjour Search vendor "Apple" for product "Bonjour" | 1.0.4 Search vendor "Apple" for product "Bonjour" and version "1.0.4" | unknown, windows |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | sp2 |
Safe
|