GNU adns 1.4 and previous versions uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote malicious users to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu adns 0.5 |
||
gnu adns 0.9 |
||
gnu adns |
||
gnu adns 1.0 |
||
gnu adns 0.8 |
||
gnu adns 0.2 |
||
gnu adns 0.6 |
||
gnu adns 1.3 |
||
gnu adns 1.2 |
||
gnu adns 0.3 |
||
gnu adns 1.1 |
||
gnu adns 0.4 |
||
gnu adns 0.1 |
||
gnu adns 0.7 |