Table of Contents

Public Date:
461495: CVE-2008-3905 ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module

The MITRE CVE dictionary describes this issue as:

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Find out more about CVE-2008-3905 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 4 (ruby) RHSA-2008:0897 2008-10-21
Red Hat Enterprise Linux 5 (ruby) RHSA-2008:0897 2008-10-21
Red Hat Enterprise Linux 3 (ruby) RHSA-2008:0896 2008-10-21
Last Modified

CVE description copyright © 2017, The MITRE Corporation