GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.
Software | From | Fixed in |
---|---|---|
gnu / adns | - | 1.4.x |
gnu / adns | 0.1 | 0.1.x |
gnu / adns | 0.2 | 0.2.x |
gnu / adns | 0.3 | 0.3.x |
gnu / adns | 0.4 | 0.4.x |
gnu / adns | 0.5 | 0.5.x |
gnu / adns | 0.6 | 0.6.x |
gnu / adns | 0.7 | 0.7.x |
gnu / adns | 0.8 | 0.8.x |
gnu / adns | 0.9 | 0.9.x |
gnu / adns | 1.0 | 1.0.x |
gnu / adns | 1.1 | 1.1.x |
gnu / adns | 1.2 | 1.2.x |
gnu / adns | 1.3 | 1.3.x |