Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3630

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2008-3630
Last Modified 07 Mar 2011 10:11:04
Published 10 Sep 2008 09:13:09
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3630

Summary

mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

Vulnerable Systems

Application

  • Apple Bonjour 1.0.4


References

APPLE - APPLE-SA-2009-09-09

VUPEN - ADV-2008-2524

SECTRACK - 1020844

BID - 31093

CONFIRM - http://support.apple.com/kb/HT2990

SECUNIA - 31822


Last Updated: 27 May 2016 10:48:15