426515 – (CVE-2008-4100) VUL-0: CVE-2008-4100: adns vulnerable to cache poisoning

Bug 426515 (CVE-2008-4100) - VUL-0: CVE-2008-4100: adns vulnerable to cache poisoning

Summary: VUL-0: CVE-2008-4100: adns vulnerable to cache poisoning

Status:	RESOLVED FIXED

Alias:	CVE-2008-4100

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Major
Target Milestone:	---
Deadline:	2008-10-14
Assignee:	Pavol Rusnak
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/60461/
Whiteboard:	CVE-2008-4100: CVSS v2 Base Score: 6....
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2008-09-16 07:31 UTC by Ludwig Nussel
Modified:	2018-05-11 13:31 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ludwig Nussel 2008-09-16 07:31:36 UTC

The issue is public.

CVE-2008-4100

Looks like there is no fix but the misbehavior is documented in the INSTALL file which we do not package. We should at least do that same as debian and just package the INSTALL file in stable.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698

Comment 1 Pavol Rusnak 2008-09-18 08:42:26 UTC

I created README.SUSE file, which documents CVE-2008-1447 / CVE-2008-4100 poisoning vulnerability in similar fashion like Debian.

I submitted package only to STABLE as suggested.

Comment 2 Thomas Biege 2009-10-14 01:26:11 UTC

CVE-2008-4100: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)