On Mon, 14 Jul 2008, Ravi S wrote:
> Does anyone know if c-ares is vulnerable to DNS Cache poisoning
> vulnerability reported here: http://www.linux.com/feature/141080?
Not to my knowledge. c-ares got a "good" transaction ID in 1.4.0 and I don't
believe it fiddles with the source port.
Of course I'd be happy to get to know if someone else did any deeper and more
thorough analyses.
-- / daniel.haxx.seReceived on 2008-07-14