If I'm not mistaken, that issue was corrected in v1.4.0:
Initial Patch submitted here:
http://daniel.haxx.se/projects/c-ares/mail/c-ares-archive-2007-05/0013.shtml
Vulnerability Announcement:
http://daniel.haxx.se/projects/c-ares/mail/c-ares-archive-2007-06/0011.shtml
-Brad
Ravi S wrote:
> Does anyone know if c-ares is vulnerable to DNS Cache poisoning
> vulnerability reported here: http://www.linux.com/feature/141080?
>
> Related Links
> -------------
> CERT Vulnerability page: http://www.kb.cert.org/vuls/id/800113
> CVE page: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
>
> --
> --Ravi
> Coming Soon: Signature 2.0 (Beta)
>
Received on 2008-07-14