Affected Products

Any Ruby application that uses the standard-library Resolv module for DNS.

Vulnerability Details

This vulnerability gives remote attackers the ability to spoof responses to DNS queries made by Ruby applications that use the Resolv library shipped in Ruby's standard library. Resolv is a DNS client written purely in Ruby, with the advantage that it cooperates well with Ruby's threading model: a normal DNS lookup without Resolv blocks the Ruby process, and therefore all of its internally represented (green) threads. A Ruby application can `require 'resolv-replace'` to transparently route DNS requests through the Ruby Resolv library instead of the operating system's resolver.

The flaw lies in how Resolv generates DNS transaction ID numbers. Transaction IDs start at zero and increment by one with each query, and this counter resets to zero on every execution of a Ruby application. An attacker can therefore guess the transaction ID far more easily than with randomized IDs, and spoof malicious responses to queries from Ruby applications.

This behavior can be observed by sniffing the requests generated by the following small Ruby program:

    #!/usr/bin/env ruby
    require 'socket'
    # Route all DNS lookups through the pure-Ruby Resolv client.
    require 'resolv-replace'

    # Issue one lookup every three seconds; each query carries the next
    # sequential transaction ID (0, 1, 2, ...).
    while true
      puts IPSocket.getaddress("example.com")
      sleep 3
    end

(Tested with "ruby 1.8.7 (2008-06-20 patchlevel 22) [i686-darwin9]".)

(Not only are the TIDs very predictable, the source port isn't randomized either.)
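The following is an added example, not part of the original advisory or of Ruby's Resolv code. It extracts the transaction ID from captured DNS query packets, scores a sequence of IDs for the counter pattern described above (so a defender can confirm the problem on the wire), and shows a CSPRNG-based TID generator of the kind the fix calls for. The packet bytes are constructed inline; `random_tid` is an assumed replacement, not the upstream patch.

```ruby
require 'securerandom'

# The DNS header begins with the 16-bit transaction ID (RFC 1035, 4.1.1).
def tid_of(packet)
  packet.byteslice(0, 2).unpack1('n')
end

# Fraction of consecutive (id[i], id[i+1]) pairs that differ by exactly +1,
# modulo 2^16. Counter-style generation (0, 1, 2, ...) scores 1.0;
# properly randomised 16-bit TIDs score roughly 1/65536.
def sequential_fraction(ids)
  return 0.0 if ids.size < 2
  hits = ids.each_cons(2).count { |a, b| ((b - a) & 0xFFFF) == 1 }
  hits.to_f / (ids.size - 1)
end

# Flag a TID sequence as predictable when most queries step by exactly one.
def predictable_tids?(ids, threshold = 0.8)
  sequential_fraction(ids) >= threshold
end

# Assumed fix: draw each 16-bit TID from the OS CSPRNG instead of a counter.
def random_tid
  SecureRandom.random_number(0x10000)
end

# Build a minimal DNS query header (constructed sample, no question section):
# id, flags (RD set), qdcount=1, ancount, nscount, arcount.
def dns_header(tid)
  [tid, 0x0100, 1, 0, 0, 0].pack('n6')
end

# Constructed capture: ten queries as the vulnerable loop above would emit.
COUNTER_CAPTURE = (0..9).map { |tid| dns_header(tid) }

# Constructed capture from a resolver using random_tid.
RANDOM_CAPTURE = Array.new(10) { dns_header(random_tid) }

if __FILE__ == $0
  ids = COUNTER_CAPTURE.map { |pkt| tid_of(pkt) }
  puts "counter TIDs #{ids.inspect} predictable? #{predictable_tids?(ids)}"
  ids = RANDOM_CAPTURE.map { |pkt| tid_of(pkt) }
  puts "random TIDs #{ids.inspect} predictable? #{predictable_tids?(ids)}"
end
```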