CVE-2007-2188 - eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, whic

CVE-2007-2188

Summary

eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.

References

http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0569.html
http://osvdb.org/35584
http://www.securityfocus.com/bid/23577

Vulnerable Configurations

cpe:2.3:a:extremail:extremail:2.1:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:2.1:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:extremail:extremail:2.1.1:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 13-11-2008 - 06:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	23577
fulldisc	20070420 eXtremail-v9
osvdb	35584

Last major update

13-11-2008 - 06:38

Published

24-04-2007 - 17:19

Last modified

13-11-2008 - 06:38