Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Perl Net::DNS package multiple security vulnerabilities
updated since 13.07.2007
Published: 17.12.2007
Source: FULL-DISCLOSURE
SecurityVulns ID: 7932
Type: library
Level: 5/10
Description: Weak DNS ID generation allows response spoofing, DoS on parsing DNS request.

Affected: PERL : Net::DNS 0.59
PERL : Net::DNS 0.60
CVE: CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.)
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.)

Original document SECURITEAM, [UNIX] Net::DNS Malformed Packet DoS (17.12.2007)

MANDRIVA, [Full-disclosure] [ MDKSA-2007:146 ] - Updated perl-Net-DNS packages fix multiple vulnerabilities (13.07.2007)

Files: Exploits Net::DNS Malformed Packet DoS
Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)