c-ares -- DNS Cache Poisoning Vulnerability

2007-06-08T00:00:00
ID 70AE62B0-16B0-11DC-B803-0016179B2DD5
Type freebsd
Reporter FreeBSD
Modified 2010-05-12T00:00:00

Description

Secunia reports:

The vulnerability is caused due to predictable DNS "Transaction ID" field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed.