Vulnerability Description
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NLnet Labs | Net::DNS | 0.14 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
- http://osvdb.org/37053
- http://rt.cpan.org/Public/Bug/Display.html?id=23961
- http://secunia.com/advisories/25829
- http://secunia.com/advisories/26012
- http://secunia.com/advisories/26014
- http://secunia.com/advisories/26055
- http://secunia.com/advisories/26075
- http://secunia.com/advisories/26211
- http://secunia.com/advisories/26231
- http://secunia.com/advisories/26417
- http://secunia.com/advisories/26508
- http://secunia.com/advisories/26543
- http://secunia.com/advisories/29354
- http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm
FAQ
What is CVE-2007-3377?
CVE-2007-3377 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which ...
How severe is CVE-2007-3377?
CVE-2007-3377 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3377?
Check the references section above for vendor advisories and patch information. Affected products include: NLnet Labs Net::DNS.