Mandrake Linux Security Advisory : perl-Net-DNS (MDKSA-2007:146)
Medium Nessus Plugin ID 25721
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionA flaw was discovered in the perl Net::DNS module in the way it generated the ID field in a DNS query. Because it is so predictable, a remote attacker could exploit this to return invalid DNS data (CVE-2007-3377).
A denial of service vulnerability was found in how Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding (CVE-2007-3409).
The updated packages have been patched to prevent these issues.
SolutionUpdate the affected perl-Net-DNS package.