CVE-2007-3377

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2007-3377
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2007-3377.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2007-3377
Related
Published
2007-06-25T21:30:00Z
Modified
2024-06-30T12:01:22Z
Summary
[none]
Details

Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.

References

Affected packages

Debian:11 / libnet-dns-perl

Package

Name
libnet-dns-perl
Purl
pkg:deb/debian/libnet-dns-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.60-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / libnet-dns-perl

Package

Name
libnet-dns-perl
Purl
pkg:deb/debian/libnet-dns-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.60-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / libnet-dns-perl

Package

Name
libnet-dns-perl
Purl
pkg:deb/debian/libnet-dns-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.60-1

Ecosystem specific

{
    "urgency": "low"
}