CVE-2007-3377
Published: 25 June 2007
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.
Priority
Status
Package | Release | Status |
---|---|---|
libnet-dns-perl Launchpad, Ubuntu, Debian |
dapper |
Released
(0.53-2ubuntu1)
|
edgy |
Released
(0.57-1ubuntu1)
|
|
feisty |
Released
(0.59-1build1.1)
|
|
gutsy |
Not vulnerable
(0.60-1)
|
|
upstream |
Released
(0.60)
|