Sha256: f7ae4e662abbbc8ae04b1f53bb2007788ddf866300b91af28902156636c5ba41

Contents?: true

Size: 595 Bytes

Versions: 6

Compression:

Stored size: 595 Bytes

Contents

---
engine: ruby
cve: 2008-3905
url: https://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
title: ruby -- DNS spoofing vulnerability in resolv.rb
date: 2008-05-05
description: |
  resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before
  1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and
  constant source ports for DNS requests, which makes it easier for remote
  attackers to spoof DNS responses, a different vulnerability than
  CVE-2008-1447. 
cvss_v2: 5.8
patched_versions:
  - ~> 1.8.6.287
  - ~> 1.8.7.72
  - ">= 1.9.0"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/ruby/CVE-2008-3905.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/ruby/CVE-2008-3905.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2008-3905.yml
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/ruby/CVE-2008-3905.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/ruby/CVE-2008-3905.yml
bundler-audit-0.5.0 data/ruby-advisory-db/rubies/ruby/CVE-2008-3905.yml