CVE-2008-3905

ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module

Severity Score

5.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

resolv.rb en Ruby 1.8.5 y versiones anteriores, 1.8.6 versiones anteriores a 1.8.6-p287, 1.8.7 versiones anteriores a 1.8.7-p72, y 1.9 r18423 y versiones anteriores utiliza transacciones secuenciales de IDs y puertos de origen constante para peticiones DNS, lo cual hace más sencillo para atacantes remotos envenenar respuestas DNS, una vulnerabilidad diferente a CVE-2008-1447.

*Credits: N/A

CVSS Scores

NISTv2 5.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-09-04 CVE Reserved
2008-09-04 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-10-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-287: Improper Authentication

CAPEC

References (26)

URL	Tag	Source
http://secunia.com/advisories/31430	Third Party Advisory
http://secunia.com/advisories/32165	Third Party Advisory
http://secunia.com/advisories/32219	Third Party Advisory
http://secunia.com/advisories/32255	Third Party Advisory
http://secunia.com/advisories/32256	Third Party Advisory
http://secunia.com/advisories/32371	Third Party Advisory
http://secunia.com/advisories/32948	Third Party Advisory
http://secunia.com/advisories/33178	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2008/09/04/9	Mailing List
http://www.securityfocus.com/bid/31699	Vdb Entry
http://www.vupen.com/english/advisories/2008/2334	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/45935	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034	Signature

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2008/09/03/3	2024-08-07

URL	Date	SRC
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby	2018-10-03

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-200812-17.xml	2018-10-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754	2018-10-03
http://www.debian.org/security/2008/dsa-1651	2018-10-03
http://www.debian.org/security/2008/dsa-1652	2018-10-03
http://www.redhat.com/support/errata/RHSA-2008-0897.html	2018-10-03
https://usn.ubuntu.com/651-1	2018-10-03
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html	2018-10-03
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html	2018-10-03
https://access.redhat.com/security/cve/CVE-2008-3905	2008-10-21
https://bugzilla.redhat.com/show_bug.cgi?id=461495	2008-10-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				<= 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version " <= 1.8.5"		-		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				<= 1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version " <= 1.8.6"		p286		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				<= 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version " <= 1.8.7"		p71		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				<= 1.9 Search vendor "Ruby-lang" for product "Ruby" and version " <= 1.9"		r18423		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.6"		-		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.6.8 Search vendor "Ruby-lang" for product "Ruby" and version "1.6.8"		-		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.0 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.0"		-		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.1 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.1"		-		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.2 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.2"		-		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.3"		-		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.4 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.4"		-		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"		-		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"		p110		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"		p111		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"		p114		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"		p230		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"		p36		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"		preview1		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"		preview2		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6"		preview3		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"		-		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"		p17		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"		p22		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"		preview1		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"		preview2		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"		preview3		Affected
Ruby-lang Search vendor "Ruby-lang"		Ruby Search vendor "Ruby-lang" for product "Ruby"				1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7"		preview4		Affected