CVE - CVE-2007-3377

CVE-ID
CVE-2007-3377	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1018377 URL:http://www.securitytracker.com/id?1018377 MISC:2007-0023 URL:~~http://www.trustix.org/errata/2007/0023/~~ (Obsolete source - check if archived by the Wayback Machine) MISC:20070701-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc MISC:20070717 rPSA-2007-0142-1 perl-Net-DNS URL:http://www.securityfocus.com/archive/1/473871/100/0/threaded MISC:24669 URL:http://www.securityfocus.com/bid/24669 MISC:25829 URL:http://secunia.com/advisories/25829 MISC:26012 URL:http://secunia.com/advisories/26012 MISC:26014 URL:http://secunia.com/advisories/26014 MISC:26055 URL:http://secunia.com/advisories/26055 MISC:26075 URL:http://secunia.com/advisories/26075 MISC:26211 URL:http://secunia.com/advisories/26211 MISC:26231 URL:http://secunia.com/advisories/26231 MISC:26417 URL:http://secunia.com/advisories/26417 MISC:26508 URL:http://secunia.com/advisories/26508 MISC:26543 URL:http://secunia.com/advisories/26543 MISC:29354 URL:http://secunia.com/advisories/29354 MISC:37053 URL:~~http://osvdb.org/37053~~ (Obsolete source) MISC:DSA-1515 URL:http://www.debian.org/security/2008/dsa-1515 MISC:GLSA-200708-06 URL:http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml MISC:MDKSA-2007:146 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:146~~ (Obsolete source) MISC:RHSA-2007:0674 URL:http://www.redhat.com/support/errata/RHSA-2007-0674.html MISC:RHSA-2007:0675 URL:http://www.redhat.com/support/errata/RHSA-2007-0675.html MISC:SUSE-SR:2007:017 URL:http://www.novell.com/linux/security/advisories/2007_17_sr.html MISC:USN-483-1 URL:http://www.ubuntu.com/usn/usn-483-1 MISC:http://rt.cpan.org/Public/Bug/Display.html?id=23961 URL:http://rt.cpan.org/Public/Bug/Display.html?id=23961 MISC:http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm MISC:http://www.net-dns.org/docs/Changes.html URL:http://www.net-dns.org/docs/Changes.html MISC:http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html URL:http://www.nntp.perl.org/group/perl.qpsmtpd/2006/03/msg4810.html MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458 URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245458 MISC:netdns-dns-responses-spoofing(35112) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35112 MISC:oval:org.mitre.oval:def:9904 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9904
Assigning CNA
Red Hat, Inc.
Date Record Created
20070625	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070625)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)