Showing 1 - 4 of 4

CVE-2007-3409

Status Candidate

Overview

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.

Related Files

Debian Linux Security Advisory 1515-1: Posted Mar 13, 2008; Authored by Debian | Site debian.org; Debian Security Advisory 1515-1 - Several remote vulnerabilities have been discovered in libnet-dns-perl. It was discovered that libnet-dns-perl generates very weak transaction IDs when sending queries. Compression loops in domain names resulted in an infinite loop in the domain name expander written in Perl. Decoding malformed A records could lead to a crash (via an uncaught Perl exception) of certain applications using libnet-dns-perl.; tags | advisory, remote, perl, vulnerability; systems | linux, debian; advisories | CVE-2007-3377, CVE-2007-3409, CVE-2007-6341; SHA-256 | 95b8751754bf10a5736d5150d20d347f29ab1f8f048173f91c584192b1b6fa13; Download | Favorite | View

Gentoo Linux Security Advisory 200708-6: Posted Aug 14, 2007; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200708-06 - hjp discovered an error when handling DNS query IDs which make them partially predictable. Steffen Ullrich discovered an error in the dn_expand() function which could lead to an endless loop. Versions less than 0.60 are affected.; tags | advisory; systems | linux, gentoo; advisories | CVE-2007-3377, CVE-2007-3409; SHA-256 | 59cd929ff364da7d666efcbc165c756816e258c729bf01d9358b4fe11deba8da; Download | Favorite | View

Ubuntu Security Notice 483-1: Posted Jul 13, 2007; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 483-1 - Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible man-in-the-middle attacks. Steffen Ullrich discovered that the Net::DNS Perl module did not correctly detect recursive compressed responses. A remote attacker could send a specially crafted packet, causing applications using Net::DNS to crash or monopolize CPU resources, leading to a denial of service.; tags | advisory, remote, denial of service, perl, spoof; systems | linux, ubuntu; advisories | CVE-2007-3377, CVE-2007-3409; SHA-256 | 23402e1eb87ebdef781c7ff730c5104d8411dfcb246b85b8f53f40de76c8bfb0; Download | Favorite | View

Mandriva Linux Security Advisory 2007.146: Posted Jul 13, 2007; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - A flaw was discovered in the perl Net::DNS module in the way it generated the ID field in a DNS query. Because it is so predictable, a remote attacker could exploit this to return invalid DNS data. A denial of service vulnerability was found in how Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding.; tags | advisory, remote, denial of service, perl; systems | linux, mandriva; advisories | CVE-2007-3377, CVE-2007-3409; SHA-256 | c2a2cee9cc049306a5cd40b0e59a19a5592f58175929efba008c2a59967d82af; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2007-3409

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems