CVE-2007-3377

Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.

🔗 References (62)

• secalert@redhatftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
• secalert@redhathttp://osvdb.org/37053
• secalert@redhathttp://rt.cpan.org/Public/Bug/Display.html?id=23961
• secalert@redhathttp://secunia.com/advisories/25829
• secalert@redhathttp://secunia.com/advisories/26012
• secalert@redhathttp://secunia.com/advisories/26014
• secalert@redhathttp://secunia.com/advisories/26055
• secalert@redhathttp://secunia.com/advisories/26075
• secalert@redhathttp://secunia.com/advisories/26211
• secalert@redhathttp://secunia.com/advisories/26231
• secalert@redhathttp://secunia.com/advisories/26417
• secalert@redhathttp://secunia.com/advisories/26508
• secalert@redhathttp://secunia.com/advisories/26543
• secalert@redhathttp://secunia.com/advisories/29354
• secalert@redhathttp://support.avaya.com/elmodocs2/security/ASA-2007-351.htm