CVE-2007-3377 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-3377
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3377

Description: Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/35112 UBUNTU http://www.ubuntu.com/usn/usn-483-1 TRUSTIX http://www.trustix.org/errata/2007/0023/ SUSE http://www.novell.com/linux/security/advisories/2007_17_sr.html ST 1018377 SGI SAID Secunia Advisory: SA26508 Secunia Advisory: SA26417 Secunia Advisory: SA26231 Secunia Advisory: SA26211 Secunia Advisory: SA26075 Secunia Advisory: SA26012 Secunia Advisory: SA26055 Secunia Advisory: SA25829 Secunia Advisory: SA26014 Secunia Advisory: SA26543 Secunia Advisory: SA29354 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0674.html http://www.redhat.com/support/errata/RHSA-2007-0675.html MISC http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:146 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml DEBIAN http://www.debian.org/security/2008/dsa-1515 CONFIRM http://www.net-dns.org/docs/Changes.html http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm http://rt.cpan.org/Public/Bug/Display.html?id=23961 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/473871/100/0/threaded BID 24669

Return to the previous page.