paul Posted July 13, 2007 Report Share Posted July 13, 2007 A flaw was discovered in the perl Net::DNS module in the way it generated the ID field in a DNS query. Because it is so predictable, a remote attacker could exploit this to return invalid DNS data (CVE-2007-3377). A denial of service vulnerability was found in how Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding (CVE-2007-3409). The updated packages have been patched to prevent these issues. Link to comment Share on other sites More sharing options...
Recommended Posts