perl-Net-DNS security issue

🗓️ 12 Jul 2007 09:01:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

Header.pm in Net::DNS before 0.60 uses predictable DNS IDs and the same start ID across forks, enabling spoofed responses.

Reporter	Title	Published	Views	Family All 56
BDU FSTEC	Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information	28 Apr 201500:00	–	bdu_fstec
Tenable Nessus	CentOS 3 / 5 : perl-Net-DNS (CESA-2007:0674)	18 Jul 200700:00	–	nessus
Tenable Nessus	CentOS 4 : perl-Net-DNS (CESA-2007:0675)	18 Jul 200700:00	–	nessus
Tenable Nessus	Debian DSA-1515-1 : libnet-dns-perl - several vulnerabilities	13 Mar 200800:00	–	nessus
Tenable Nessus	FreeBSD : p5-Net-DNS -- multiple Vulnerabilities (d2b8a963-3d59-11dc-b3d3-0016179b2dd5)	30 Jul 200700:00	–	nessus
Tenable Nessus	GLSA-200708-06 : Net::DNS: Multiple vulnerabilities	13 Aug 200700:00	–	nessus
Tenable Nessus	Mandrake Linux Security Advisory : perl-Net-DNS (MDKSA-2007:146)	18 Jul 200700:00	–	nessus
Tenable Nessus	Oracle Linux 5 : Moderate: / perl-Net-DNS (ELSA-2007-0674)	12 Jul 201300:00	–	nessus
Tenable Nessus	Oracle Linux 4 : perl-Net-DNS (ELSA-2007-0675)	12 Jul 201300:00	–	nessus
Tenable Nessus	RHEL 3 / 5 : perl-Net-DNS (RHSA-2007:0674)	18 Jul 200700:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	4	i386	perl-net-dns	0:0.48-2.el4	perl-Net-DNS-0:0.48-2.el4.i386.rpm
Red Hat Enterprise Linux	4	ia64	perl-net-dns	0:0.48-2.el4	perl-Net-DNS-0:0.48-2.el4.ia64.rpm
Red Hat Enterprise Linux	4	ppc	perl-net-dns	0:0.48-2.el4	perl-Net-DNS-0:0.48-2.el4.ppc.rpm
Red Hat Enterprise Linux	4	s390	perl-net-dns	0:0.48-2.el4	perl-Net-DNS-0:0.48-2.el4.s390.rpm
Red Hat Enterprise Linux	4	s390x	perl-net-dns	0:0.48-2.el4	perl-Net-DNS-0:0.48-2.el4.s390x.rpm
Red Hat Enterprise Linux	4	x86_64	perl-net-dns	0:0.48-2.el4	perl-Net-DNS-0:0.48-2.el4.x86_64.rpm
Red Hat Enterprise Linux	4	i386	perl-net-dns-debuginfo	0:0.48-2.el4	perl-Net-DNS-debuginfo-0:0.48-2.el4.i386.rpm
Red Hat Enterprise Linux	4	ia64	perl-net-dns-debuginfo	0:0.48-2.el4	perl-Net-DNS-debuginfo-0:0.48-2.el4.ia64.rpm
Red Hat Enterprise Linux	4	ppc	perl-net-dns-debuginfo	0:0.48-2.el4	perl-Net-DNS-debuginfo-0:0.48-2.el4.ppc.rpm
Red Hat Enterprise Linux	4	s390	perl-net-dns-debuginfo	0:0.48-2.el4	perl-Net-DNS-debuginfo-0:0.48-2.el4.s390.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2007-3377
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2007-3377
cve	www.cve.org/CVERecord

21 Nov 2025 17:31Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24.3

EPSS0.03567

Net DNS Header module DNS IDs forking server spoofed responses security vulnerability