Vulnerability CVE-2008-3905 - CERT Civis.Net

Vulnerability Name:

CVE-2008-3905 (CCN-45935)

Assigned:

2008-08-08

Published:

2008-08-08

Updated:

2018-10-03

Summary:

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2008-3905

Source: CCN
Type: RHSA-2008-0896
Moderate: ruby security update

Source: CCN
Type: RHSA-2008-0897
Moderate: ruby security update

Source: CCN
Type: SA31430
Ruby Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31430

Source: SECUNIA
Type: UNKNOWN
32165

Source: SECUNIA
Type: UNKNOWN
32219

Source: SECUNIA
Type: UNKNOWN
32255

Source: SECUNIA
Type: UNKNOWN
32256

Source: SECUNIA
Type: UNKNOWN
32371

Source: SECUNIA
Type: UNKNOWN
32948

Source: SECUNIA
Type: UNKNOWN
33178

Source: GENTOO
Type: UNKNOWN
GLSA-200812-17

Source: SLACKWARE
Type: UNKNOWN
SSA:2008-334-01

Source: CCN
Type: ASA-2008-423
ruby security update (RHSA-2008-0896)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm

Source: CCN
Type: ASA-2008-424
ruby security update (RHSA-2008-0897)

Source: DEBIAN
Type: UNKNOWN
DSA-1651

Source: DEBIAN
Type: UNKNOWN
DSA-1652

Source: DEBIAN
Type: DSA-1651
ruby1.8 -- several vulnerabilities

Source: DEBIAN
Type: DSA-1652
ruby1.9 -- several vulnerabilities

Source: CCN
Type: GLSA-200812-17
Ruby: Multiple vulnerabilities

Source: CCN
Type: oss-security Mailing List, Wed, 03 Sep 2008 14:52:59 +0200
CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)

Source: MLIST
Type: Exploit
[oss-security] 20080903 CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)

Source: CCN
Type: oss-security Mailing List, Thu, 4 Sep 2008 12:01:04 -0400 (EDT)
Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)

Source: MLIST
Type: UNKNOWN
[oss-security] 20080904 Re: CVE Request (ruby -- DNS spoofing vulnerability

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0897

Source: CCN
Type: Ruby Programming Language Web site
Multiple vulnerabilities in Ruby

Source: CONFIRM
Type: Patch
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

Source: BID
Type: UNKNOWN
31699

Source: CCN
Type: BID-31699
Ruby 'resolv.rb' Predictable Transaction ID and Source Port DNS Spoofing Vulnerability

Source: CCN
Type: USN-651-1
Ruby vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2008-2334

Source: XF
Type: UNKNOWN
ruby-resolv-dns-spoofing(45935)

Source: XF
Type: UNKNOWN
ruby-resolv-dns-spoofing(45935)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10034

Source: UBUNTU
Type: UNKNOWN
USN-651-1

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-8738

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-8736

Source: SUSE
Type: SUSE-SA:2009:037
dhcp-client security problem

Vulnerable Configuration:

Configuration 1:

cpe:/a:ruby-lang:ruby:1.6:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:*:*:*:*:*:*:*:* (Version <= 1.8.5)

OR cpe:/a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:*:p286:*:*:*:*:*:* (Version <= 1.8.6)

OR cpe:/a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:*:p71:*:*:*:*:*:* (Version <= 1.8.7)

OR cpe:/a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:*:r18423:*:*:*:*:*:* (Version <= 1.9)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.5:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.5:p231:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.8.2:preview1:*:*:*:*:*:*

OR cpe:/a:ruby-lang:ruby:1.6:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20083905	V	CVE-2008-3905	2022-05-20
oval:org.opensuse.security:def:29431	P	Security update for webkit2gtk3 (Important)	2021-10-06
oval:org.opensuse.security:def:32105	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:29467	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:32239	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:32020	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:32019	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:28215	P	Security update for libpng12-0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28793	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32688	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28356	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:32031	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32776	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28592	P	Security update for openssl-certs	2020-12-01
oval:org.opensuse.security:def:28010	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32842	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28694	P	Security update for giflib (Moderate)	2020-12-01
oval:org.opensuse.security:def:32389	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:28085	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:33519	P	Security update for ruby	2020-12-01
oval:org.opensuse.security:def:28749	P	Security update for lzo	2020-12-01
oval:org.opensuse.security:def:32632	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28299	P	Security update for netatalk (Important)	2020-12-01
oval:org.opensuse.security:def:32737	P	libvorbis on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28440	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28009	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32798	P	tgt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28645	P	Security update for compat-openssl097g	2020-12-01
oval:org.opensuse.security:def:32332	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:28021	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:33480	P	Security update for libneon	2020-12-01
oval:org.opensuse.security:def:28733	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:32476	P	Security update for yast2-storage (Moderate)	2020-12-01
oval:org.mitre.oval:def:28242	P	RHSA-2008:0897 -- ruby security update (Moderate)	2015-08-17
oval:org.mitre.oval:def:17538	P	USN-651-1 -- ruby1.8 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:7935	P	DSA-1651 ruby1.8 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:18456	P	DSA-1652-1 ruby1.9 - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:8055	P	DSA-1652 ruby1.9 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:20309	P	DSA-1651-1 ruby1.8 - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:21785	P	ELSA-2008:0897: ruby security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:10034	V	resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.	2013-04-29
oval:com.redhat.rhsa:def:20080896	P	RHSA-2008:0896: ruby security update (Moderate)	2008-10-21
oval:com.redhat.rhsa:def:20080897	P	RHSA-2008:0897: ruby security update (Moderate)	2008-10-21
oval:org.debian:def:1651	V	several vulnerabilities	2008-10-12
oval:org.debian:def:1652	V	several vulnerabilities	2008-10-12