Package: udns
Subject: udns: Transaction ID and Source Port not random enough
Version: 0.0.9-2
Severity: grave
Tags: security

Consecutive queries use the same initial fixed random port and consecutive transaction IDs. This allows exploits using spoofing, as described in CVE-2008-1447, related to bind and others.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26 (PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
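
Added example, not part of the original report and not udns code: a check that can be run over (source port, transaction ID) pairs taken from a capture of a resolver's outgoing queries to confirm the two symptoms reported above, a fixed source port and consecutive transaction IDs. The names `audit_queries` and `Finding`, the 0.75 threshold and both sample lists are assumptions constructed for illustration.

```python
from collections import Counter
from typing import NamedTuple, Sequence, Tuple


class Finding(NamedTuple):
    fixed_port: bool        # every query left from the same UDP source port
    predictable_txid: bool  # IDs mostly advance by one constant step
    txid_step: int          # most common ID increment, modulo 2**16


# Constructed samples: (udp_source_port, dns_transaction_id) per outgoing query,
# as they might be extracted from a packet capture. Values are made up.
WEAK = [(40123, (0xFFFC + i) % 65536) for i in range(8)]  # one port, IDs +1, wraps
STRONG = [(51344, 0x9C1F), (23871, 0x03A7), (60412, 0xE5D0), (33019, 0x4B62),
          (47750, 0xB88E), (19204, 0x7113), (55981, 0x2FC9), (28666, 0xD244)]


def audit_queries(obs: Sequence[Tuple[int, int]], threshold: float = 0.75) -> Finding:
    """Flag a fixed source port and constant-step transaction IDs."""
    if len(obs) < 3:
        raise ValueError("need at least 3 queries to judge a pattern")
    ports = {port for port, _ in obs}
    txids = [txid for _, txid in obs]
    # DNS IDs are 16 bits wide, so successive IDs are compared modulo 2**16;
    # a counter that wraps from 0xFFFF to 0x0000 still shows a step of 1.
    deltas = [(b - a) % 65536 for a, b in zip(txids, txids[1:])]
    step, hits = Counter(deltas).most_common(1)[0]
    return Finding(
        fixed_port=len(ports) == 1,
        predictable_txid=hits / len(deltas) >= threshold,
        txid_step=step,
    )


if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_queries(sample))
```

A resolver showing both flags leaves a spoofed reply almost nothing to guess, which is the condition CVE-2008-1447 describes; a fixed build should clear both on a fresh capture.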