ID CVE-2008-3630
Summary mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:bonjour:1.0.4:unknown:windows:*:*:*:*:*
    cpe:2.3:a:apple:bonjour:1.0.4:unknown:windows:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:P
refmap via4
apple APPLE-SA-2009-09-09
bid 31093
confirm http://support.apple.com/kb/HT2990
sectrack 1020844
secunia 31822
vupen ADV-2008-2524
Last major update 30-10-2018 - 16:25
Published 11-09-2008 - 01:13
Last modified 30-10-2018 - 16:25
Back to Top