2 matches found
CVE-2007-3153
The CVE-2007-3153 entry describes a vulnerability in the c-ares library: on non-Windows platforms, ares_init:randomize_key uses a weak random-number source (Unix rand), enabling attackers to spoof DNS responses by guessing values. The issue is linked to multiple advisories and updates (e.g., Fedo...
CVE-2007-3152
CVE-2007-3152 affects c-ares up to 1.4.0, where a predictable seed for the DNS Transaction ID RNG can allow remote attackers to guess IDs and spoof DNS responses. Affected: c-ares