c-ares

• Author: vmiklos
• Vulnerable: 1.3.2-2
• Unaffected: 1.4.0-1terminus1

A vulnerability has been reported in c-ares, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to predictable DNS “Transaction ID” field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed.

• Bug Tracker URL: http://bugs.frugalware.org/task/2159

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3152
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3153