GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the products intended role in a trusted environment.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Adns | Gnu | 0.5 | 0.5 |
Adns | Gnu | 0.9 | 0.9 |
Adns | Gnu | * | 1.4 |
Adns | Gnu | 1.0 | 1.0 |
Adns | Gnu | 0.8 | 0.8 |
Adns | Gnu | 0.2 | 0.2 |
Adns | Gnu | 0.6 | 0.6 |
Adns | Gnu | 1.3 | 1.3 |
Adns | Gnu | 1.2 | 1.2 |
Adns | Gnu | 0.3 | 0.3 |
Adns | Gnu | 1.1 | 1.1 |
Adns | Gnu | 0.4 | 0.4 |
Adns | Gnu | 0.1 | 0.1 |
Adns | Gnu | 0.7 | 0.7 |