Executive Summary

Informations
NameCVE-2008-3905First vendor Publication2008-09-04
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Cvss Base Score5.8Attack RangeNetwork
Cvss Impact Score4.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905

CWE : Common Weakness Enumeration

idName
CWE-287Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8055
 
Oval ID: oval:org.mitre.oval:def:8055
Title: DSA-1652 ruby1.9 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: Keita Yamaguchi discovered that several safe level restrictions are insufficiently enforced. Christian Neukirchen discovered that the WebRick module uses inefficient algorithms for HTTP header splitting, resulting in denial of service through resource exhaustion. It was discovered that the dl module doesn't perform taintness checks. Luka Treiber and Mitja Kolsek discovered that recursively nested XML entities can lead to denial of service through resource exhaustion in rexml. Tanaka Akira discovered that the resolv module uses sequential transaction IDs and a fixed source port for DNS queries, which makes it more vulnerable to DNS spoofing attacks.
Family: unix Class: patch
Reference(s): DSA-1652
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): ruby1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7935
 
Oval ID: oval:org.mitre.oval:def:7935
Title: DSA-1651 ruby1.8 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: Keita Yamaguchi discovered that several safe level restrictions are insufficiently enforced. Christian Neukirchen discovered that the WebRick module uses inefficient algorithms for HTTP header splitting, resulting in denial of service through resource exhaustion. It was discovered that the dl module doesn't perform taintness checks. Luka Treiber and Mitja Kolsek discovered that recursively nested XML entities can lead to denial of service through resource exhaustion in rexml. Tanaka Akira discovered that the resolv module uses sequential transaction IDs and a fixed source port for DNS queries, which makes it more vulnerable to DNS spoofing attacks.
Family: unix Class: patch
Reference(s): DSA-1651
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): ruby1.8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20309
 
Oval ID: oval:org.mitre.oval:def:20309
Title: DSA-1651-1 ruby1.8 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.
Family: unix Class: patch
Reference(s): DSA-1651-1
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): ruby1.8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18456
 
Oval ID: oval:org.mitre.oval:def:18456
Title: DSA-1652-1 ruby1.9 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.
Family: unix Class: patch
Reference(s): DSA-1652-1
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): ruby1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17538
 
Oval ID: oval:org.mitre.oval:def:17538
Title: USN-651-1 -- ruby1.8 vulnerabilities
Description: Akira Tagoh discovered a vulnerability in Ruby which lead to an integer overflow.
Family: unix Class: patch
Reference(s): USN-651-1
CVE-2008-2376
CVE-2008-3443
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-1447
CVE-2008-3905
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
Product(s): ruby1.8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10034
 
Oval ID: oval:org.mitre.oval:def:10034
Title: resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Description: resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3905
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application27

OpenVAS Exploits

DateDescription
2009-10-11Name : SLES11: Security update for ruby
File : nvt/sles11_ruby.nasl
2009-10-10Name : SLES9: Security update for ruby
File : nvt/sles9p5053737.nasl
2009-07-29Name : SuSE Security Advisory SUSE-SA:2009:037 (dhcp-client)
File : nvt/suse_sa_2009_037.nasl
2009-04-09Name : Mandriva Update for ruby MDVSA-2008:226 (ruby)
File : nvt/gb_mandriva_MDVSA_2008_226.nasl
2009-03-23Name : Ubuntu Update for ruby1.8 vulnerabilities USN-651-1
File : nvt/gb_ubuntu_USN_651_1.nasl
2009-03-06Name : RedHat Update for ruby RHSA-2008:0896-01
File : nvt/gb_RHSA-2008_0896-01_ruby.nasl
2009-03-06Name : RedHat Update for ruby RHSA-2008:0897-01
File : nvt/gb_RHSA-2008_0897-01_ruby.nasl
2009-03-06Name : RedHat Update for ruby RHSA-2008:0981-02
File : nvt/gb_RHSA-2008_0981-02_ruby.nasl
2009-02-27Name : CentOS Update for irb CESA-2008:0896 centos3 i386
File : nvt/gb_CESA-2008_0896_irb_centos3_i386.nasl
2009-02-27Name : CentOS Update for irb CESA-2008:0896 centos3 x86_64
File : nvt/gb_CESA-2008_0896_irb_centos3_x86_64.nasl
2009-02-27Name : CentOS Update for irb CESA-2008:0897 centos4 i386
File : nvt/gb_CESA-2008_0897_irb_centos4_i386.nasl
2009-02-27Name : CentOS Update for irb CESA-2008:0897 centos4 x86_64
File : nvt/gb_CESA-2008_0897_irb_centos4_x86_64.nasl
2009-02-27Name : CentOS Update for irb CESA-2008:0981 centos4 i386
File : nvt/gb_CESA-2008_0981_irb_centos4_i386.nasl
2009-02-27Name : CentOS Update for irb CESA-2008:0981 centos4 x86_64
File : nvt/gb_CESA-2008_0981_irb_centos4_x86_64.nasl
2009-02-17Name : Fedora Update for ruby FEDORA-2008-8736
File : nvt/gb_fedora_2008_8736_ruby_fc8.nasl
2009-02-17Name : Fedora Update for ruby FEDORA-2008-8738
File : nvt/gb_fedora_2008_8738_ruby_fc9.nasl
2009-01-07Name : Debian Security Advisory DSA 1695-1 (ruby1.8, ruby1.9)
File : nvt/deb_1695_1.nasl
2008-12-23Name : Gentoo Security Advisory GLSA 200812-17 (ruby)
File : nvt/glsa_200812_17.nasl
2008-11-01Name : Debian Security Advisory DSA 1651-1 (ruby1.8)
File : nvt/deb_1651_1.nasl
2008-11-01Name : Debian Security Advisory DSA 1652-1 (ruby1.9)
File : nvt/deb_1652_1.nasl
2008-09-04Name : FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma
File : nvt/freebsd_ruby7.nasl
2008-09-04Name : FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma
File : nvt/freebsd_ruby8.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
47469Ruby resolv.rb DNS Query ID Field Prediction Cache Poisoning

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0896.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0897.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0981.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081021_ruby_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081204_ruby_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ruby-6338.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote openSUSE host is missing a security update.
File : suse_ruby-6339.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ruby-090703.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12452.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_1_ruby-090703.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_ruby-090703.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-226.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-651-1.nasl - Type : ACT_GATHER_INFO
2009-01-06Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1695.nasl - Type : ACT_GATHER_INFO
2008-12-26Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0981.nasl - Type : ACT_GATHER_INFO
2008-12-17Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200812-17.nasl - Type : ACT_GATHER_INFO
2008-12-05Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0981.nasl - Type : ACT_GATHER_INFO
2008-12-01Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-334-01.nasl - Type : ACT_GATHER_INFO
2008-10-28Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0897.nasl - Type : ACT_GATHER_INFO
2008-10-22Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0896.nasl - Type : ACT_GATHER_INFO
2008-10-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0896.nasl - Type : ACT_GATHER_INFO
2008-10-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0897.nasl - Type : ACT_GATHER_INFO
2008-10-13Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1651.nasl - Type : ACT_GATHER_INFO
2008-10-13Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1652.nasl - Type : ACT_GATHER_INFO
2008-10-10Name : The remote Fedora host is missing a security update.
File : fedora_2008-8736.nasl - Type : ACT_GATHER_INFO
2008-10-10Name : The remote Fedora host is missing a security update.
File : fedora_2008-8738.nasl - Type : ACT_GATHER_INFO
2008-08-17Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_f7ba20aa6b5a11dd9d79001fc61c2a55.nasl - Type : ACT_GATHER_INFO
2008-08-17Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c329712a6b5b11dd9d79001fc61c2a55.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/31699
CONFIRMhttp://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
DEBIANhttp://www.debian.org/security/2008/dsa-1651
http://www.debian.org/security/2008/dsa-1652
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259...
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299...
GENTOOhttp://security.gentoo.org/glsa/glsa-200812-17.xml
MLISThttp://www.openwall.com/lists/oss-security/2008/09/03/3
http://www.openwall.com/lists/oss-security/2008/09/04/9
REDHAThttp://www.redhat.com/support/errata/RHSA-2008-0897.html
SECUNIAhttp://secunia.com/advisories/31430
http://secunia.com/advisories/32165
http://secunia.com/advisories/32219
http://secunia.com/advisories/32255
http://secunia.com/advisories/32256
http://secunia.com/advisories/32371
http://secunia.com/advisories/32948
http://secunia.com/advisories/33178
SLACKWAREhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&...
UBUNTUhttp://www.ubuntulinux.org/support/documentation/usn/usn-651-1
VUPENhttp://www.vupen.com/english/advisories/2008/2334
XFhttp://xforce.iss.net/xforce/xfdb/45935

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:46:21
  • Multiple Updates
2013-05-11 00:24:59
  • Multiple Updates