If I am correct, this issue is different from the cache poisoning due
to weak transaction ID. The details of this security bug is not
disclosed yet which seems odd for a security bug, hence I am not able
to understand the problem.
Can any security experts who are aware of this issue shed some light on this?
-- Coming Soon: Signature 2.0 (Beta) On Mon, Jul 14, 2008 at 8:25 PM, Brad House <brad_at_mainstreetsoftworks.com> wrote: > If I'm not mistaken, that issue was corrected in v1.4.0: > > Initial Patch submitted here: > http://daniel.haxx.se/projects/c-ares/mail/c-ares-archive-2007-05/0013.shtml > > Vulnerability Announcement: > http://daniel.haxx.se/projects/c-ares/mail/c-ares-archive-2007-06/0011.shtml > > -Brad > > Ravi S wrote: >> >> Does anyone know if c-ares is vulnerable to DNS Cache poisoning >> vulnerability reported here: http://www.linux.com/feature/141080? >> >> Related Links >> ------------- >> CERT Vulnerability page: http://www.kb.cert.org/vuls/id/800113 >> CVE page: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 >> >> -- >> --Ravi >> Coming Soon: Signature 2.0 (Beta) >> >Received on 2008-07-14