FreeBSD : c-ares -- DNS Cache Poisoning Vulnerability (70ae62b0-16b0-11dc-b803-0016179b2dd5)

Secunia reports : The vulnerability is caused due to predictable DNS 'Transaction ID' field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and packa...

CVE-2007-3152

CVE-2007-3152 affects c-ares up to 1.4.0, where a predictable seed for the DNS Transaction ID RNG can allow remote attackers to guess IDs and spoof DNS responses. Affected: c-ares