Executive Summary
| Summary | |
|---|---|
| Title | libnet-dns-perl vulnerability |
| Informations | |||
|---|---|---|---|
| Name | USN-594-1 | First vendor Publication | 2008-03-26 |
| Vendor | Ubuntu | Last vendor Modification | 2008-03-26 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Net::DNS did not correctly validate the size of DNS replies. A remote attacker could send a specially crafted DNS response and cause applications using Net::DNS to abort, leading to a denial of service. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-594-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:17761 | |||
| Oval ID: | oval:org.mitre.oval:def:17761 | ||
| Title: | USN-594-1 -- libnet-dns-perl vulnerability | ||
| Description: | It was discovered that Net::DNS did not correctly validate the size of DNS replies. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-594-1 CVE-2007-6341 | Version: | 7 |
| Platform(s): | Ubuntu 6.06 Ubuntu 6.10 | Product(s): | libnet-dns-perl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20002 | |||
| Oval ID: | oval:org.mitre.oval:def:20002 | ||
| Title: | DSA-1515-1 libnet-dns-perl - several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in libnet-dns-perl. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1515-1 CVE-2007-3377 CVE-2007-3409 CVE-2007-6341 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libnet-dns-perl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8232 | |||
| Oval ID: | oval:org.mitre.oval:def:8232 | ||
| Title: | DSA-1515 libnet-dns-perl -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in libnet-dns-perl. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that libnet-dns-perl generates very weak transaction IDs when sending queries (CVE-2007-3377). This update switches transaction ID generation to the Perl random generator, making prediction attacks more difficult. Compression loops in domain names resulted in an infinite loop in the domain name expander written in Perl (CVE-2007-3409). The Debian package uses an expander written in C by default, but this vulnerability has been addressed nevertheless. Decoding malformed A records could lead to a crash (via an uncaught Perl exception) of certain applications using libnet-dns-perl (CVE-2007-6341). | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1515 CVE-2007-3377 CVE-2007-3409 CVE-2007-6341 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | libnet-dns-perl |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-04-09 | Name : Mandriva Update for perl-Net-DNS MDVSA-2008:073 (perl-Net-DNS) File : nvt/gb_mandriva_MDVSA_2008_073.nasl |
| 2009-03-23 | Name : Ubuntu Update for libnet-dns-perl vulnerability USN-594-1 File : nvt/gb_ubuntu_USN_594_1.nasl |
| 2008-03-19 | Name : Debian Security Advisory DSA 1515-1 (libnet-dns-perl) File : nvt/deb_1515_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 43106 | Perl Net::DNS Module Net/DNS/RR/A.pm Malformed DNS Response DoS Perl Net::DNS Module contains a flaw that may allow a remote denial of service. The issue is triggered when a remote malicious attacker sends malformed DNS response, and will result in loss of availability for the service. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2008-073.nasl - Type : ACT_GATHER_INFO |
| 2008-03-28 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-594-1.nasl - Type : ACT_GATHER_INFO |
| 2008-03-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1515.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:05:00 |
|
