NVD Vulnerability Detail

CVE-2008-3905

Summary	resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Summary	resolv.rb en Ruby 1.8.5 y versiones anteriores, 1.8.6 versiones anteriores a 1.8.6-p287, 1.8.7 versiones anteriores a 1.8.7-p72, y 1.9 r18423 y versiones anteriores utiliza transacciones secuenciales de IDs y puertos de origen constante para peticiones DNS, lo cual hace más sencillo para atacantes remotos envenenar respuestas DNS, una vulnerabilidad diferente a CVE-2008-1447.
Publication Date	Sept. 5, 2008, 2:41 a.m.
Registration Date	Jan. 29, 2021, 1:41 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	5.8
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ruby-lang:ruby::::::::		1.8.5
cpe:2.3:a:ruby-lang:ruby::p286::::::*		1.8.6
cpe:2.3:a:ruby-lang:ruby::p71::::::*		1.8.7
cpe:2.3:a:ruby-lang:ruby::r18423::::::*		1.9
cpe:2.3:a:ruby-lang:ruby:1.6:::::::*
cpe:2.3:a:ruby-lang:ruby:1.6.8:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.0:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.1:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.2:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.3:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.4:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.6:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.6:p110::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:p111::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:p114::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:p230::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:p36::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p17::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:p22::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4::::::

Related information, measures and tools

No	URL	refsource
1	http://secunia.com/advisories/31430	cve@mitre.org
2	http://secunia.com/advisories/32165	cve@mitre.org
3	http://secunia.com/advisories/32219	cve@mitre.org
4	http://secunia.com/advisories/32255	cve@mitre.org
5	http://secunia.com/advisories/32256	cve@mitre.org
6	http://secunia.com/advisories/32371	cve@mitre.org
7	http://secunia.com/advisories/32948	cve@mitre.org
8	http://secunia.com/advisories/33178	cve@mitre.org
9	http://security.gentoo.org/glsa/glsa-200812-17.xml	cve@mitre.org
10	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754	cve@mitre.org
11	http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm	cve@mitre.org
12	http://www.debian.org/security/2008/dsa-1651	cve@mitre.org
13	http://www.debian.org/security/2008/dsa-1652	cve@mitre.org
14	http://www.openwall.com/lists/oss-security/2008/09/03/3	cve@mitre.org
15	http://www.openwall.com/lists/oss-security/2008/09/04/9	cve@mitre.org
16	http://www.redhat.com/support/errata/RHSA-2008-0897.html	cve@mitre.org
17	http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/	cve@mitre.org
18	http://www.securityfocus.com/bid/31699	cve@mitre.org
19	http://www.vupen.com/english/advisories/2008/2334	cve@mitre.org
20	https://exchange.xforce.ibmcloud.com/vulnerabilities/45935	cve@mitre.org
21	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034	cve@mitre.org
22	https://usn.ubuntu.com/651-1/	cve@mitre.org
23	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html	cve@mitre.org
24	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html	cve@mitre.org
25	http://secunia.com/advisories/31430	af854a3a-2127-422b-91ae-364da2661108
26	http://secunia.com/advisories/32165	af854a3a-2127-422b-91ae-364da2661108
27	http://secunia.com/advisories/32219	af854a3a-2127-422b-91ae-364da2661108
28	http://secunia.com/advisories/32255	af854a3a-2127-422b-91ae-364da2661108
29	http://secunia.com/advisories/32256	af854a3a-2127-422b-91ae-364da2661108
30	http://secunia.com/advisories/32371	af854a3a-2127-422b-91ae-364da2661108
31	http://secunia.com/advisories/32948	af854a3a-2127-422b-91ae-364da2661108
32	http://secunia.com/advisories/33178	af854a3a-2127-422b-91ae-364da2661108
33	http://security.gentoo.org/glsa/glsa-200812-17.xml	af854a3a-2127-422b-91ae-364da2661108
34	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754	af854a3a-2127-422b-91ae-364da2661108
35	http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm	af854a3a-2127-422b-91ae-364da2661108
36	http://www.debian.org/security/2008/dsa-1651	af854a3a-2127-422b-91ae-364da2661108
37	http://www.debian.org/security/2008/dsa-1652	af854a3a-2127-422b-91ae-364da2661108
38	http://www.openwall.com/lists/oss-security/2008/09/03/3	af854a3a-2127-422b-91ae-364da2661108
39	http://www.openwall.com/lists/oss-security/2008/09/04/9	af854a3a-2127-422b-91ae-364da2661108
40	http://www.redhat.com/support/errata/RHSA-2008-0897.html	af854a3a-2127-422b-91ae-364da2661108
41	http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/	af854a3a-2127-422b-91ae-364da2661108
42	http://www.securityfocus.com/bid/31699	af854a3a-2127-422b-91ae-364da2661108
43	http://www.vupen.com/english/advisories/2008/2334	af854a3a-2127-422b-91ae-364da2661108
44	https://exchange.xforce.ibmcloud.com/vulnerabilities/45935	af854a3a-2127-422b-91ae-364da2661108
45	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034	af854a3a-2127-422b-91ae-364da2661108
46	https://usn.ubuntu.com/651-1/	af854a3a-2127-422b-91ae-364da2661108
47	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html	af854a3a-2127-422b-91ae-364da2661108
48	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ruby-lang:ruby::::::::		1.8.5
cpe:2.3:a:ruby-lang:ruby::p286::::::*		1.8.6
cpe:2.3:a:ruby-lang:ruby::p71::::::*		1.8.7
cpe:2.3:a:ruby-lang:ruby::r18423::::::*		1.9
cpe:2.3:a:ruby-lang:ruby:1.6:::::::*
cpe:2.3:a:ruby-lang:ruby:1.6.8:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.0:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.1:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.2:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.3:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.4:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.6:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.6:p110::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:p111::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:p114::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:p230::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:p36::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2::::::
cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:::::::*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p17::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:p22::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3::::::
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4::::::