CVE-2022-34295

totd before 1.5.3 does not properly randomize mesg IDs...

CVE-2022-34294

totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks...

CVE-2022-34294

totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks...

CVE-2022-34294

The CVE-2022-34294 entry concerns totd 1.5.3, a small DNS proxy nameserver. The issue is that upstream DNS queries use a fixed UDP source port, providing insufficient entropy and enabling DNS cache poisoning. Affected component: totd 1.5.3. Root cause: fixed UDP source port in upstream queries to...

PT-2022-22110 · Totd · Totd

Name of the Vulnerable Software and Affected Versions: totd version 1.5.3 Description: The issue allows DNS cache poisoning due to the use of a fixed UDP source port in upstream queries sent to DNS resolvers, resulting in insufficient entropy to prevent traffic injection attacks. Recommendations:...

CVE-2022-34295

totd before 1.5.3 does not properly randomize mesg IDs...

CVE-2022-34295

CVE-2022-34295 affects totd, a DNS proxy nameserver by F.W. Dillema. The flaw stems from improper randomization of message IDs in versions prior to 1.5.3. The impact is exposure of how messages are matched/handled due to weak ID randomness, with the CVSS metrics indicating moderate severity (CVSS...