Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243591
Summary: c-ares < 1.4.0 DNS cache poisoning vulnerability
Product: Fedora Extras
Version: f7
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: c-ares
AssignedTo: tcallawa@redhat.com
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: fedora-security-list@redhat.com
http://www.vuxml.org/freebsd/70ae62b0-16b0-11dc-b803-0016179b2dd5.html
"The vulnerability is caused due to predictable DNS "Transaction ID" field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed."
Summary: CVE-2007-3152, CVE-2007-3153: c-ares < 1.4.0 DNS cache poisoning vulnerability
ville.skytta@iki.fi changed:
What    |Removed                                          |Added
----------------------------------------------------------------------------
Summary |c-ares < 1.4.0 DNS cache poisoning vulnerability |CVE-2007-3152, CVE-2007-3153: c-ares < 1.4.0 DNS cache poisoning vulnerability
------- Additional Comments From ville.skytta@iki.fi 2007-06-14 17:11 EST -------
CVE IDs assigned: CVE-2007-3152, CVE-2007-3153
Summary: CVE-2007-3152, CVE-2007-3153: c-ares older than 1.4.0 DNS cache poisoning vulnerability
bugzilla@redhat.com changed:
What    |Removed       |Added
----------------------------------------------------------------------------
Product |Fedora Extras |Fedora
jkeating@redhat.com changed:
What    |Removed                                                                        |Added
----------------------------------------------------------------------------
Summary |CVE-2007-3152, CVE-2007-3153: c-ares < 1.4.0 DNS cache poisoning vulnerability |CVE-2007-3152, CVE-2007-3153: c-ares older than 1.4.0 DNS cache poisoning vulnerability
------- Additional Comments From jkeating@redhat.com 2007-06-27 10:46 EST -------
change of subject to not trip up bodhi
------- Additional Comments From updates@fedoraproject.org 2007-06-27 21:52 EST -------
c-ares-1.4.0-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
updates@fedoraproject.org changed:
What             |Removed |Added
----------------------------------------------------------------------------
Status           |NEW     |CLOSED
Resolution       |        |ERRATA
Fixed In Version |        |1.4.0-1.fc7
security@lists.fedoraproject.org