Executive Summary

Informations
Name CVE-2008-3905 First vendor Publication 2008-09-04
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Cvss Base Score 5.8 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3905

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-287 Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10034
 
Oval ID: oval:org.mitre.oval:def:10034
Title: resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Description: resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3905
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17538
 
Oval ID: oval:org.mitre.oval:def:17538
Title: USN-651-1 -- ruby1.8 vulnerabilities
Description: Akira Tagoh discovered a vulnerability in Ruby which lead to an integer overflow.
Family: unix Class: patch
Reference(s): USN-651-1
CVE-2008-2376
CVE-2008-3443
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-1447
CVE-2008-3905
 Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
 Product(s): ruby1.8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18456
 
Oval ID: oval:org.mitre.oval:def:18456
Title: DSA-1652-1 ruby1.9 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.
Family: unix Class: patch
Reference(s): DSA-1652-1
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905
 Version: 7
Platform(s): Debian GNU/Linux 4.0
 Product(s): ruby1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20309
 
Oval ID: oval:org.mitre.oval:def:20309
Title: DSA-1651-1 ruby1.8 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems.
Family: unix Class: patch
Reference(s): DSA-1651-1
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): ruby1.8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28242
 
Oval ID: oval:org.mitre.oval:def:28242
Title: RHSA-2008:0897 -- ruby security update (Moderate)
Description: Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)
Family: unix Class: patch
Reference(s): RHSA-2008:0897
CESA-2008:0897-CentOS 5
CVE-2008-1145
CVE-2008-3443
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
 Product(s): ruby
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7935
 
Oval ID: oval:org.mitre.oval:def:7935
Title: DSA-1651 ruby1.8 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: Keita Yamaguchi discovered that several safe level restrictions are insufficiently enforced. Christian Neukirchen discovered that the WebRick module uses inefficient algorithms for HTTP header splitting, resulting in denial of service through resource exhaustion. It was discovered that the dl module doesn't perform taintness checks. Luka Treiber and Mitja Kolsek discovered that recursively nested XML entities can lead to denial of service through resource exhaustion in rexml. Tanaka Akira discovered that the resolv module uses sequential transaction IDs and a fixed source port for DNS queries, which makes it more vulnerable to DNS spoofing attacks.
Family: unix Class: patch
Reference(s): DSA-1651
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): ruby1.8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8055
 
Oval ID: oval:org.mitre.oval:def:8055
Title: DSA-1652 ruby1.9 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: Keita Yamaguchi discovered that several safe level restrictions are insufficiently enforced. Christian Neukirchen discovered that the WebRick module uses inefficient algorithms for HTTP header splitting, resulting in denial of service through resource exhaustion. It was discovered that the dl module doesn't perform taintness checks. Luka Treiber and Mitja Kolsek discovered that recursively nested XML entities can lead to denial of service through resource exhaustion in rexml. Tanaka Akira discovered that the resolv module uses sequential transaction IDs and a fixed source port for DNS queries, which makes it more vulnerable to DNS spoofing attacks.
Family: unix Class: patch
Reference(s): DSA-1652
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): ruby1.9
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 867

OpenVAS Exploits

Date Description
2009-10-11 Name : SLES11: Security update for ruby
File : nvt/sles11_ruby.nasl
2009-10-10 Name : SLES9: Security update for ruby
File : nvt/sles9p5053737.nasl
2009-07-29 Name : SuSE Security Advisory SUSE-SA:2009:037 (dhcp-client)
File : nvt/suse_sa_2009_037.nasl
2009-04-09 Name : Mandriva Update for ruby MDVSA-2008:226 (ruby)
File : nvt/gb_mandriva_MDVSA_2008_226.nasl
2009-03-23 Name : Ubuntu Update for ruby1.8 vulnerabilities USN-651-1
File : nvt/gb_ubuntu_USN_651_1.nasl
2009-03-06 Name : RedHat Update for ruby RHSA-2008:0896-01
File : nvt/gb_RHSA-2008_0896-01_ruby.nasl
2009-03-06 Name : RedHat Update for ruby RHSA-2008:0981-02
File : nvt/gb_RHSA-2008_0981-02_ruby.nasl
2009-03-06 Name : RedHat Update for ruby RHSA-2008:0897-01
File : nvt/gb_RHSA-2008_0897-01_ruby.nasl
2009-02-27 Name : CentOS Update for irb CESA-2008:0897 centos4 x86_64
File : nvt/gb_CESA-2008_0897_irb_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for irb CESA-2008:0981 centos4 i386
File : nvt/gb_CESA-2008_0981_irb_centos4_i386.nasl
2009-02-27 Name : CentOS Update for irb CESA-2008:0981 centos4 x86_64
File : nvt/gb_CESA-2008_0981_irb_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for irb CESA-2008:0897 centos4 i386
File : nvt/gb_CESA-2008_0897_irb_centos4_i386.nasl
2009-02-27 Name : CentOS Update for irb CESA-2008:0896 centos3 x86_64
File : nvt/gb_CESA-2008_0896_irb_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for irb CESA-2008:0896 centos3 i386
File : nvt/gb_CESA-2008_0896_irb_centos3_i386.nasl
2009-02-17 Name : Fedora Update for ruby FEDORA-2008-8736
File : nvt/gb_fedora_2008_8736_ruby_fc8.nasl
2009-02-17 Name : Fedora Update for ruby FEDORA-2008-8738
File : nvt/gb_fedora_2008_8738_ruby_fc9.nasl
2009-01-07 Name : Debian Security Advisory DSA 1695-1 (ruby1.8, ruby1.9)
File : nvt/deb_1695_1.nasl
2008-12-23 Name : Gentoo Security Advisory GLSA 200812-17 (ruby)
File : nvt/glsa_200812_17.nasl
2008-11-01 Name : Debian Security Advisory DSA 1651-1 (ruby1.8)
File : nvt/deb_1651_1.nasl
2008-11-01 Name : Debian Security Advisory DSA 1652-1 (ruby1.9)
File : nvt/deb_1652_1.nasl
2008-09-04 Name : FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma
File : nvt/freebsd_ruby8.nasl
2008-09-04 Name : FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma
File : nvt/freebsd_ruby7.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
47469 Ruby resolv.rb DNS Query ID Field Prediction Cache Poisoning

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0981.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0897.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0896.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081204_ruby_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081021_ruby_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_ruby-6338.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_ruby-6339.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ruby-090703.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12452.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_ruby-090703.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_ruby-090703.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-651-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-226.nasl - Type : ACT_GATHER_INFO
2009-01-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1695.nasl - Type : ACT_GATHER_INFO
2008-12-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0981.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200812-17.nasl - Type : ACT_GATHER_INFO
2008-12-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0981.nasl - Type : ACT_GATHER_INFO
2008-12-01 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-334-01.nasl - Type : ACT_GATHER_INFO
2008-10-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0897.nasl - Type : ACT_GATHER_INFO
2008-10-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0896.nasl - Type : ACT_GATHER_INFO
2008-10-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0897.nasl - Type : ACT_GATHER_INFO
2008-10-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0896.nasl - Type : ACT_GATHER_INFO
2008-10-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1652.nasl - Type : ACT_GATHER_INFO
2008-10-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1651.nasl - Type : ACT_GATHER_INFO
2008-10-10 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8738.nasl - Type : ACT_GATHER_INFO
2008-10-10 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8736.nasl - Type : ACT_GATHER_INFO
2008-08-17 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_f7ba20aa6b5a11dd9d79001fc61c2a55.nasl - Type : ACT_GATHER_INFO
2008-08-17 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c329712a6b5b11dd9d79001fc61c2a55.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://secunia.com/advisories/31430
http://secunia.com/advisories/32165
http://secunia.com/advisories/32219
http://secunia.com/advisories/32255
http://secunia.com/advisories/32256
http://secunia.com/advisories/32371
http://secunia.com/advisories/32948
http://secunia.com/advisories/33178
http://security.gentoo.org/glsa/glsa-200812-17.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&...
http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
http://www.debian.org/security/2008/dsa-1651
http://www.debian.org/security/2008/dsa-1652
http://www.openwall.com/lists/oss-security/2008/09/03/3
http://www.openwall.com/lists/oss-security/2008/09/04/9
http://www.redhat.com/support/errata/RHSA-2008-0897.html
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
http://www.securityfocus.com/bid/31699
http://www.vupen.com/english/advisories/2008/2334
https://exchange.xforce.ibmcloud.com/vulnerabilities/45935
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://usn.ubuntu.com/651-1/
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259...
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Date Informations
2024-11-28 23:13:35
  • Multiple Updates
2024-11-28 12:16:25
  • Multiple Updates
2021-05-04 12:07:59
  • Multiple Updates
2021-04-22 01:08:21
  • Multiple Updates
2020-05-24 01:04:43
  • Multiple Updates
2020-05-23 00:22:12
  • Multiple Updates
2018-11-01 12:02:18
  • Multiple Updates
2018-10-31 01:02:23
  • Multiple Updates
2018-10-04 00:19:33
  • Multiple Updates
2018-05-23 12:02:22
  • Multiple Updates
2017-09-29 09:23:42
  • Multiple Updates
2017-08-08 09:24:21
  • Multiple Updates
2016-06-29 00:00:59
  • Multiple Updates
2016-04-26 17:47:28
  • Multiple Updates
2014-02-17 10:46:21
  • Multiple Updates
2013-05-11 00:24:59
  • Multiple Updates