var-200807-0469
Vulnerability from variot
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214. dnsmasq There is a service disruption ( Daemon crash ) There is a vulnerability that becomes a condition. This vulnerability CVE-2008-3214 Is a different vulnerability.Denial of service operation by a third party: ( Daemon crash ) There is a possibility of being put into a state. Dnsmasq is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to crash the server, denying access to legitimate users. Dnsmasq 2.43 is vulnerable.
For more information: SA30348
SOLUTION: Apply updated packages via the yum utility ("yum update snort").
For more information: SA29410
The vulnerability is reported in the following products and versions: * Avaya Communication Manager (3.1 and later) * Avaya Intuity AUDIX LX (all versions) * Avaya EMMC (all versions) * Avaya Messaging Storage Server (all versions) * Avaya Message Networking (all versions) * Avaya SIP Enablement Services (3.1.2 and later) * Avaya Voice Portal (all versions) * Avaya Meeting Exchange (all versions) * Avaya Proactive Contact (all versions) * Avaya AES (3.1.6, 4.2.1)
SOLUTION: The vendor recommends that local and network access to the affected systems be restricted until an update is available. ----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
The Public Beta has ended. Thanks to all that participated. This can be exploited to bypass Snort rules by sending fragmented IP packets with an overly large TTL (Time To Live) difference between fragments.
1) A vulnerability is caused due to dnsmasq not sufficiently randomising the DNS transaction ID and the source port number, which can be exploited to poison the DNS cache.
Note: Additionally, an error within the netlink code and a potential crash when a host without a lease performs a DHCPINFORM have been reported in version 2.43. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: bzip2 Unspecified Vulnerability
SECUNIA ADVISORY ID: SA29410
VERIFY ADVISORY: http://secunia.com/advisories/29410/
CRITICAL: Moderately critical
IMPACT: Unknown
WHERE:
From remote
REVISION: 1.1 originally posted 2008-03-24
SOFTWARE: bzip2 1.x http://secunia.com/product/5138/
DESCRIPTION: A vulnerability with unknown impact has been reported in bzip2.
The vulnerability is caused due to an unspecified error. No further information is currently available.
The vulnerability is reported in versions prior to 1.0.5.
SOLUTION: Update to version 1.0.5. http://www.bzip.org/downloads.html
PROVIDED AND/OR DISCOVERED BY: Oulu University Secure Programming Group
CHANGELOG: 2008-03-24: Added CVE reference.
ORIGINAL ADVISORY: http://www.bzip.org/CHANGES
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
OTHER REFERENCES: https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200809-02
http://security.gentoo.org/
Severity: Normal Title: dnsmasq: Denial of Service and DNS spoofing Date: September 04, 2008 Bugs: #231282, #232523 ID: 200809-02
Synopsis
Two vulnerabilities in dnsmasq might allow for a Denial of Service or spoofing of DNS replies.
Background
Dnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/dnsmasq < 2.45 >= 2.45
Description
-
Dan Kaminsky of IOActive reported that dnsmasq does not randomize UDP source ports when forwarding DNS queries to a recursing DNS server (CVE-2008-1447).
-
Carlos Carvalho reported that dnsmasq in the 2.43 version does not properly handle clients sending inform or renewal queries for unknown DHCP leases, leading to a crash (CVE-2008-3350).
Impact
A remote attacker could send spoofed DNS response traffic to dnsmasq, possibly involving generating queries via multiple vectors, and spoof DNS replies, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Furthermore, an attacker could generate invalid DHCP traffic and cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All dnsmasq users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.45"
References
[ 1 ] CVE-2008-3350 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3350 [ 2 ] CVE-2008-1447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200809-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200807-0469",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dnsmasq",
"scope": "eq",
"trust": 1.6,
"vendor": "the kelleys",
"version": "2.43"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.8,
"vendor": "thekelleys",
"version": "2.43"
},
{
"model": "net-dns/dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "gentoo",
"version": "2.43"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.43"
},
{
"model": "net-dns/dnsmasq",
"scope": "ne",
"trust": 0.3,
"vendor": "gentoo",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "ne",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "ne",
"trust": 0.3,
"vendor": "dnsmasq",
"version": "2.44"
}
],
"sources": [
{
"db": "BID",
"id": "31017"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006067"
},
{
"db": "NVD",
"id": "CVE-2008-3350"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-442"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:the_kelleys:dnsmasq:2.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3350"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carlos Carvalho",
"sources": [
{
"db": "BID",
"id": "31017"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-442"
}
],
"trust": 0.9
},
"cve": "CVE-2008-3350",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2008-3350",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-3350",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200807-442",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-006067"
},
{
"db": "NVD",
"id": "CVE-2008-3350"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-442"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an \"unknown client,\" a different vulnerability than CVE-2008-3214. dnsmasq There is a service disruption ( Daemon crash ) There is a vulnerability that becomes a condition. This vulnerability CVE-2008-3214 Is a different vulnerability.Denial of service operation by a third party: ( Daemon crash ) There is a possibility of being put into a state. Dnsmasq is prone to multiple remote denial-of-service vulnerabilities. \nAn attacker can exploit these issues to crash the server, denying access to legitimate users. \nDnsmasq 2.43 is vulnerable. \n\nFor more information:\nSA30348\n\nSOLUTION:\nApply updated packages via the yum utility (\"yum update snort\"). \n\nFor more information:\nSA29410\n\nThe vulnerability is reported in the following products and\nversions:\n* Avaya Communication Manager (3.1 and later)\n* Avaya Intuity AUDIX LX (all versions)\n* Avaya EMMC (all versions)\n* Avaya Messaging Storage Server (all versions)\n* Avaya Message Networking (all versions)\n* Avaya SIP Enablement Services (3.1.2 and later)\n* Avaya Voice Portal (all versions)\n* Avaya Meeting Exchange (all versions)\n* Avaya Proactive Contact (all versions)\n* Avaya AES (3.1.6, 4.2.1)\n\nSOLUTION:\nThe vendor recommends that local and network access to the affected\nsystems be restricted until an update is available. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. This can be exploited to bypass Snort rules by\nsending fragmented IP packets with an overly large TTL (Time To Live)\ndifference between fragments. \n\n1) A vulnerability is caused due to dnsmasq not sufficiently\nrandomising the DNS transaction ID and the source port number, which\ncan be exploited to poison the DNS cache. \n\nNote: Additionally, an error within the netlink code and a potential\ncrash when a host without a lease performs a DHCPINFORM have been\nreported in version 2.43. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nbzip2 Unspecified Vulnerability\n\nSECUNIA ADVISORY ID:\nSA29410\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29410/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nUnknown\n\nWHERE:\n\u003eFrom remote\n\nREVISION:\n1.1 originally posted 2008-03-24\n\nSOFTWARE:\nbzip2 1.x\nhttp://secunia.com/product/5138/\n\nDESCRIPTION:\nA vulnerability with unknown impact has been reported in bzip2. \n\nThe vulnerability is caused due to an unspecified error. No further\ninformation is currently available. \n\nThe vulnerability is reported in versions prior to 1.0.5. \n\nSOLUTION:\nUpdate to version 1.0.5. \nhttp://www.bzip.org/downloads.html\n\nPROVIDED AND/OR DISCOVERED BY:\nOulu University Secure Programming Group\n\nCHANGELOG:\n2008-03-24: Added CVE reference. \n\nORIGINAL ADVISORY:\nhttp://www.bzip.org/CHANGES\n\nhttp://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/\n\nOTHER REFERENCES:\nhttps://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200809-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: dnsmasq: Denial of Service and DNS spoofing\n Date: September 04, 2008\n Bugs: #231282, #232523\n ID: 200809-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nTwo vulnerabilities in dnsmasq might allow for a Denial of Service or\nspoofing of DNS replies. \n\nBackground\n==========\n\nDnsmasq is a lightweight and easily-configurable DNS forwarder and DHCP\nserver. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/dnsmasq \u003c 2.45 \u003e= 2.45\n\nDescription\n===========\n\n* Dan Kaminsky of IOActive reported that dnsmasq does not randomize\n UDP source ports when forwarding DNS queries to a recursing DNS\n server (CVE-2008-1447). \n\n* Carlos Carvalho reported that dnsmasq in the 2.43 version does not\n properly handle clients sending inform or renewal queries for unknown\n DHCP leases, leading to a crash (CVE-2008-3350). \n\nImpact\n======\n\nA remote attacker could send spoofed DNS response traffic to dnsmasq,\npossibly involving generating queries via multiple vectors, and spoof\nDNS replies, which could e.g. lead to the redirection of web or mail\ntraffic to malicious sites. Furthermore, an attacker could generate\ninvalid DHCP traffic and cause a Denial of Service. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll dnsmasq users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.45\"\n\nReferences\n==========\n\n [ 1 ] CVE-2008-3350\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3350\n [ 2 ] CVE-2008-1447\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200809-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3350"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006067"
},
{
"db": "BID",
"id": "31017"
},
{
"db": "PACKETSTORM",
"id": "67068"
},
{
"db": "PACKETSTORM",
"id": "68442"
},
{
"db": "PACKETSTORM",
"id": "71032"
},
{
"db": "PACKETSTORM",
"id": "66607"
},
{
"db": "PACKETSTORM",
"id": "68438"
},
{
"db": "PACKETSTORM",
"id": "64854"
},
{
"db": "PACKETSTORM",
"id": "69643"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3350",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "31197",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2166",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006067",
"trust": 0.8
},
{
"db": "MLIST",
"id": "[DNSMASQ-DISCUSS] 20080720 DNSMASQ 2.44 AVAILABLE.",
"trust": 0.6
},
{
"db": "XF",
"id": "43960",
"trust": 0.6
},
{
"db": "XF",
"id": "43957",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200807-442",
"trust": 0.6
},
{
"db": "BID",
"id": "31017",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "30563",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "67068",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "31204",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68442",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "32313",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "71032",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "30348",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "66607",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68438",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "29410",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64854",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69643",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "31017"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006067"
},
{
"db": "PACKETSTORM",
"id": "67068"
},
{
"db": "PACKETSTORM",
"id": "68442"
},
{
"db": "PACKETSTORM",
"id": "71032"
},
{
"db": "PACKETSTORM",
"id": "66607"
},
{
"db": "PACKETSTORM",
"id": "68438"
},
{
"db": "PACKETSTORM",
"id": "64854"
},
{
"db": "PACKETSTORM",
"id": "69643"
},
{
"db": "NVD",
"id": "CVE-2008-3350"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-442"
}
]
},
"id": "VAR-200807-0469",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24812031
},
"last_update_date": "2023-12-18T10:52:25.508000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "dnsmasq",
"trust": 0.8,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-006067"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-006067"
},
{
"db": "NVD",
"id": "CVE-2008-3350"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 1.7,
"url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/31197"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/2166"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43957"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43960"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3350"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3350"
},
{
"trust": 0.6,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/43960"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/43957"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2166"
},
{
"trust": 0.5,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.5,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.3,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/30348/"
},
{
"trust": 0.3,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.3,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.3,
"url": "http://secunia.com/advisories/29410/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/31197/"
},
{
"trust": 0.2,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-june/msg00198.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/30563/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/18642/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/15552/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-june/msg00167.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16769/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-june/msg00156.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5028/"
},
{
"trust": 0.1,
"url": "http://www.ipcop.org/index.php?name=news\u0026file=article\u0026sid=40"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31204/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/5801/"
},
{
"trust": 0.1,
"url": "http://secunia.com/binary_analysis/sample_analysis/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/19184/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/19183/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/19414/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/8717/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/32313/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/8090/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/20091/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/19182/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/4484/"
},
{
"trust": 0.1,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-404.htm"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/19415/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector_2/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16919/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13116/"
},
{
"trust": 0.1,
"url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2156"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4837/"
},
{
"trust": 0.1,
"url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2199"
},
{
"trust": 0.1,
"url": "http://article.gmane.org/gmane.network.dns.dnsmasq.general/2176"
},
{
"trust": 0.1,
"url": "https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.bzip.org/downloads.html"
},
{
"trust": 0.1,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
},
{
"trust": 0.1,
"url": "http://www.bzip.org/changes"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5138/"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-200809-02.xml"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3350"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1447"
}
],
"sources": [
{
"db": "BID",
"id": "31017"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006067"
},
{
"db": "PACKETSTORM",
"id": "67068"
},
{
"db": "PACKETSTORM",
"id": "68442"
},
{
"db": "PACKETSTORM",
"id": "71032"
},
{
"db": "PACKETSTORM",
"id": "66607"
},
{
"db": "PACKETSTORM",
"id": "68438"
},
{
"db": "PACKETSTORM",
"id": "64854"
},
{
"db": "PACKETSTORM",
"id": "69643"
},
{
"db": "NVD",
"id": "CVE-2008-3350"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-442"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "31017"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006067"
},
{
"db": "PACKETSTORM",
"id": "67068"
},
{
"db": "PACKETSTORM",
"id": "68442"
},
{
"db": "PACKETSTORM",
"id": "71032"
},
{
"db": "PACKETSTORM",
"id": "66607"
},
{
"db": "PACKETSTORM",
"id": "68438"
},
{
"db": "PACKETSTORM",
"id": "64854"
},
{
"db": "PACKETSTORM",
"id": "69643"
},
{
"db": "NVD",
"id": "CVE-2008-3350"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-442"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-07-20T00:00:00",
"db": "BID",
"id": "31017"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-006067"
},
{
"date": "2008-06-06T22:51:33",
"db": "PACKETSTORM",
"id": "67068"
},
{
"date": "2008-07-23T22:36:39",
"db": "PACKETSTORM",
"id": "68442"
},
{
"date": "2008-10-17T23:09:21",
"db": "PACKETSTORM",
"id": "71032"
},
{
"date": "2008-05-22T16:01:29",
"db": "PACKETSTORM",
"id": "66607"
},
{
"date": "2008-07-23T22:36:39",
"db": "PACKETSTORM",
"id": "68438"
},
{
"date": "2008-03-26T00:09:25",
"db": "PACKETSTORM",
"id": "64854"
},
{
"date": "2008-09-04T22:22:48",
"db": "PACKETSTORM",
"id": "69643"
},
{
"date": "2008-07-28T17:41:00",
"db": "NVD",
"id": "CVE-2008-3350"
},
{
"date": "2008-07-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200807-442"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-04T23:21:00",
"db": "BID",
"id": "31017"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-006067"
},
{
"date": "2017-08-08T01:31:48.310000",
"db": "NVD",
"id": "CVE-2008-3350"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200807-442"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200807-442"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dnsmasq DCHP Lease Multiple Remote Denial Of Service Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "31017"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-442"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "31017"
},
{
"db": "CNNVD",
"id": "CNNVD-200807-442"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.