5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.143 Low
EPSS
Percentile
94.9%
Several remote vulnerabilities have been discovered in libnet-dns-perl.
The Common Vulnerabilities and Exposures project identifies the
following problems:
It was discovered that libnet-dns-perl generates very weak transaction
IDs when sending queries (CVE-2007-3377). This update switches
transaction ID generation to the Perl random generator, making
prediction attacks more difficult.
Compression loops in domain names resulted in an infinite loop in the
domain name expander written in Perl (CVE-2007-3409). The Debian
package uses an expander written in C by default, but this vulnerability
has been addressed nevertheless.
Decoding malformed A records could lead to a crash (via an uncaught
Perl exception) of certain applications using libnet-dns-perl
(CVE-2007-6341).
For the old stable distribution (sarge), these problems have been fixed in
version 0.48-1sarge1.
For the stable distribution (etch), these problems have been fixed in
version 0.59-1etch1.
We recommend that you upgrade your libnet-dns-perl package.
CPE | Name | Operator | Version |
---|---|---|---|
libnet-dns-perl | eq | 0.59-1 |