[Bug 243591] New: c-ares < 1.4.0 DNS cache poisoning vulnerability
bugzilla at redhat.com
bugzilla at redhat.com
Sun Jun 10 09:44:32 UTC 2007
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243591
Summary: c-ares < 1.4.0 DNS cache poisoning vulnerability
Product: Fedora Extras
Version: f7
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: c-ares
AssignedTo: tcallawa at redhat.com
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com
http://www.vuxml.org/freebsd/70ae62b0-16b0-11dc-b803-0016179b2dd5.html
"The vulnerability is caused due to predictable DNS "Transaction ID" field in
DNS queries and can be exploited to poison the DNS cache of an application using
the library if a valid ID is guessed."
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the security
mailing list