FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3377

This CVE name corresponds to:

Entered Topic
2007-07-28 p5-Net-DNS -- multiple Vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-3377
Phase Assigned(20070625)

Description

Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.

References

Source Reference
BUGTRAQ 20070717 rPSA-2007-0142-1 perl-Net-DNS
MISC http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html
CONFIRM http://rt.cpan.org/Public/Bug/Display.html?id=23961
CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458
CONFIRM http://www.net-dns.org/docs/Changes.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm
DEBIAN DSA-1515
GENTOO GLSA-200708-06
MANDRIVA MDKSA-2007:146
REDHAT RHSA-2007:0674
REDHAT RHSA-2007:0675
SGI 20070701-01-P
SUSE SUSE-SR:2007:017
TRUSTIX 2007-0023
UBUNTU USN-483-1
BID 24669
OSVDB 37053
OVAL oval:org.mitre.oval:def:9904
SECTRACK 1018377
SECUNIA 25829
SECUNIA 26014
SECUNIA 26055
SECUNIA 26012
SECUNIA 26075
SECUNIA 26211
SECUNIA 26231
SECUNIA 26417
SECUNIA 26508
SECUNIA 26543
SECUNIA 29354
XF netdns-dns-responses-spoofing(35112)