{"id":"CVE-2008-4099","details":"PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.","modified":"2024-06-04T04:00:19Z","published":"2008-09-18T17:59:32Z","withdrawn":"2024-06-30T15:58:43.415054Z","references":[{"type":"EVIDENCE","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217"},{"type":"WEB","url":"http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2008/09/11/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2008/09/16/4"}],"affected":[{"package":{"name":"python-dns","ecosystem":"Debian:10","purl":"pkg:deb/debian/python-dns?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.1-5"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-4099.json"}}],"schema_version":"1.7.3"}