Subject: Re: DNS Cache Poisoning vulnerability (CVE-2008-1447, VU#800113)

Re: DNS Cache Poisoning vulnerability (CVE-2008-1447, VU#800113)

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 14 Jul 2008 16:50:53 +0200 (CEST)

On Mon, 14 Jul 2008, Ravi S wrote:

> Does anyone know if c-ares is vulnerable to DNS Cache poisoning
> vulnerability reported here: http://www.linux.com/feature/141080?

Not to my knowledge. c-ares got a "good" transaction ID in 1.4.0 and I don't
believe it fiddles with the source port.

Of course I'd be happy to get to know if someone else did any deeper and more
thorough analyses.

-- 
  / daniel.haxx.se
Received on 2008-07-14