Red Hat Bugzilla – Bug 461495
CVE-2008-3905 ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module
Last modified: 2008-11-13 10:23:44 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3905 to the following vulnerability:
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7
before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential
transaction IDs and constant source ports for DNS requests, which
makes it easier for remote attackers to spoof DNS responses, a
different vulnerability than CVE-2008-1447.
ruby-18.104.22.1687-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: