PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
2008-09-18T17:59:32.827
2025-04-09T00:30:58.490
Deferred
CVSSv2: 6.4 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:P/A:P
10.0
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | debian | python-dns | ≤ 2.3.1-3 | Yes |
| Application | debian | python-dns | 2.3.0-1 | Yes |
| Application | debian | python-dns | 2.3.0-2 | Yes |
| Application | debian | python-dns | 2.3.0-3 | Yes |
| Application | debian | python-dns | 2.3.0-4 | Yes |
| Application | debian | python-dns | 2.3.0-5 | Yes |
| Application | debian | python-dns | 2.3.0-5.1 | Yes |
| Application | debian | python-dns | 2.3.0-6 | Yes |
| Application | debian | python-dns | 2.3.1-1 | Yes |
| Application | debian | python-dns | 2.3.1-2 | Yes |
| Application | debian | linux | unknown | No |