FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

c-ares -- DNS Cache Poisoning Vulnerability

Affected packages
c-ares < 1.4.0

Details

VuXML ID 70ae62b0-16b0-11dc-b803-0016179b2dd5
Discovery 2007-06-08
Entry 2007-06-09
Modified 2010-05-12

Secunia reports:

The vulnerability is caused due to a predictable DNS "Transaction ID" field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed.

References

CVE Name CVE-2007-3152
CVE Name CVE-2007-3153
URL http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.viewcvs-markup
URL http://secunia.com/advisories/25579/