Vulnerability Description
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Daniel Stenberg | C-Ares | 1.0 |
References
- http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD&content-type=text/vnd.vie
- http://osvdb.org/37172
- http://www.securityfocus.com/bid/24386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34980
FAQ
What is CVE-2007-3153?
CVE-2007-3153 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to ...
How severe is CVE-2007-3153?
CVE-2007-3153 has been rated MEDIUM, with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3153?
Check the references section above for vendor advisories and patch information. Affected products include: Daniel Stenberg C-Ares.