Debian Security Advisory 1515-1 - Several remote vulnerabilities have been discovered in libnet-dns-perl. It was discovered that libnet-dns-perl generates very weak transaction IDs when sending queries. Compression loops in domain names resulted in an infinite loop in the domain name expander written in Perl. Decoding malformed A records could lead to a crash (via an uncaught Perl exception) of certain applications using libnet-dns-perl.
95b8751754bf10a5736d5150d20d347f29ab1f8f048173f91c584192b1b6fa13
Gentoo Linux Security Advisory GLSA 200708-06 - hjp discovered an error when handling DNS query IDs which make them partially predictable. Steffen Ullrich discovered an error in the dn_expand() function which could lead to an endless loop. Versions less than 0.60 are affected.
59cd929ff364da7d666efcbc165c756816e258c729bf01d9358b4fe11deba8da
Ubuntu Security Notice 483-1 - Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible man-in-the-middle attacks. Steffen Ullrich discovered that the Net::DNS Perl module did not correctly detect recursive compressed responses. A remote attacker could send a specially crafted packet, causing applications using Net::DNS to crash or monopolize CPU resources, leading to a denial of service.
23402e1eb87ebdef781c7ff730c5104d8411dfcb246b85b8f53f40de76c8bfb0
Mandriva Linux Security Advisory - A flaw was discovered in the perl Net::DNS module in the way it generated the ID field in a DNS query. Because it is so predictable, a remote attacker could exploit this to return invalid DNS data. A denial of service vulnerability was found in how Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding.
c2a2cee9cc049306a5cd40b0e59a19a5592f58175929efba008c2a59967d82af