CVE-2007-3152 | Vulnerability Database | Aqua Security

c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.

Affected Software

Name	Vendor	Start Version	End Version
C-ares	Daniel_stenberg	1.0 (including)	1.0 (including)
C-ares	Daniel_stenberg	1.1 (including)	1.1 (including)
C-ares	Daniel_stenberg	1.2 (including)	1.2 (including)
C-ares	Daniel_stenberg	1.2.1 (including)	1.2.1 (including)
C-ares	Daniel_stenberg	1.3 (including)	1.3 (including)
C-ares	Daniel_stenberg	1.3.1 (including)	1.3.1 (including)
C-ares	Daniel_stenberg	1.3.2 (including)	1.3.2 (including)

References

http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD\u0026content-type=text/vnd.viewcvs-markup
http://osvdb.org/37171
http://secunia.com/advisories/25579
http://www.securityfocus.com/bid/24386
https://exchange.xforce.ibmcloud.com/vulnerabilities/34979
http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD\u0026content-type=text/vnd.viewcvs-markup
http://osvdb.org/37171
http://secunia.com/advisories/25579
http://www.securityfocus.com/bid/24386
https://exchange.xforce.ibmcloud.com/vulnerabilities/34979

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-3152
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html