Vulnerability Description
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Net-Dns | Net\ | < 0.60, \ |
| Debian | Debian Linux | 3.1 |
| Canonical | Ubuntu Linux | 6.06 |
Related Weaknesses (CWE)
References
- ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.ascBroken Link
- http://osvdb.org/37054Broken Link
- http://rt.cpan.org/Public/Bug/Display.html?id=27285Broken Link
- http://secunia.com/advisories/25829Broken Link
- http://secunia.com/advisories/26012Broken Link
- http://secunia.com/advisories/26014Broken Link
- http://secunia.com/advisories/26055Broken Link
- http://secunia.com/advisories/26075Broken Link
- http://secunia.com/advisories/26211Broken Link
- http://secunia.com/advisories/26231Broken Link
- http://secunia.com/advisories/26417Broken Link
- http://secunia.com/advisories/26543Broken Link
- http://secunia.com/advisories/29354Broken Link
- http://www.debian.org/security/2008/dsa-1515Mailing ListThird Party Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200708-06.xmlThird Party Advisory
FAQ
What is CVE-2007-3409?
CVE-2007-3409 is a vulnerability with a CVSS score of 7.5 (HIGH). Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an in...
How severe is CVE-2007-3409?
CVE-2007-3409 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3409?
Check the references section above for vendor advisories and patch information. Affected products include: Net-Dns Net\, Debian Debian Linux, Canonical Ubuntu Linux.