CVE-2014-4883
Published: 28 November 2014
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.
Priority
Status
Package | Release | Status |
---|---|---|
lwipv6 Launchpad, Ubuntu, Debian |
vivid |
Ignored
(end of life)
|
groovy |
Ignored
(end of life)
|
|
kinetic |
Ignored
(end of life, was needed)
|
|
xenial |
Needed
|
|
impish |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
artful |
Ignored
(end of life)
|
|
bionic |
Needed
|
|
cosmic |
Ignored
(end of life)
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life)
|
|
focal |
Needed
|
|
hirsute |
Ignored
(end of life)
|
|
jammy |
Needed
|
|
lucid |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
mantic |
Needed
|
|
lunar |
Ignored
(end of life, was needed)
|