ID CVE-2007-3409
Summary Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
References
Vulnerable Configurations
  • cpe:2.3:a:nlnet_labs:net_dns:0.14
    cpe:2.3:a:nlnet_labs:net_dns:0.14
  • cpe:2.3:a:nlnet_labs:net_dns:0.20
    cpe:2.3:a:nlnet_labs:net_dns:0.20
  • cpe:2.3:a:nlnet_labs:net_dns:0.21
    cpe:2.3:a:nlnet_labs:net_dns:0.21
  • cpe:2.3:a:nlnet_labs:net_dns:0.22
    cpe:2.3:a:nlnet_labs:net_dns:0.22
  • cpe:2.3:a:nlnet_labs:net_dns:0.23
    cpe:2.3:a:nlnet_labs:net_dns:0.23
  • cpe:2.3:a:nlnet_labs:net_dns:0.24
    cpe:2.3:a:nlnet_labs:net_dns:0.24
  • cpe:2.3:a:nlnet_labs:net_dns:0.25
    cpe:2.3:a:nlnet_labs:net_dns:0.25
  • cpe:2.3:a:nlnet_labs:net_dns:0.26
    cpe:2.3:a:nlnet_labs:net_dns:0.26
  • cpe:2.3:a:nlnet_labs:net_dns:0.27
    cpe:2.3:a:nlnet_labs:net_dns:0.27
  • cpe:2.3:a:nlnet_labs:net_dns:0.28
    cpe:2.3:a:nlnet_labs:net_dns:0.28
  • cpe:2.3:a:nlnet_labs:net_dns:0.29
    cpe:2.3:a:nlnet_labs:net_dns:0.29
  • cpe:2.3:a:nlnet_labs:net_dns:0.30
    cpe:2.3:a:nlnet_labs:net_dns:0.30
  • cpe:2.3:a:nlnet_labs:net_dns:0.31
    cpe:2.3:a:nlnet_labs:net_dns:0.31
  • cpe:2.3:a:nlnet_labs:net_dns:0.32
    cpe:2.3:a:nlnet_labs:net_dns:0.32
  • cpe:2.3:a:nlnet_labs:net_dns:0.33
    cpe:2.3:a:nlnet_labs:net_dns:0.33
  • cpe:2.3:a:nlnet_labs:net_dns:0.34
    cpe:2.3:a:nlnet_labs:net_dns:0.34
  • cpe:2.3:a:nlnet_labs:net_dns:0.34_02
    cpe:2.3:a:nlnet_labs:net_dns:0.34_02
  • cpe:2.3:a:nlnet_labs:net_dns:0.34_03
    cpe:2.3:a:nlnet_labs:net_dns:0.34_03
  • cpe:2.3:a:nlnet_labs:net_dns:0.35
    cpe:2.3:a:nlnet_labs:net_dns:0.35
  • cpe:2.3:a:nlnet_labs:net_dns:0.36
    cpe:2.3:a:nlnet_labs:net_dns:0.36
  • cpe:2.3:a:nlnet_labs:net_dns:0.37
    cpe:2.3:a:nlnet_labs:net_dns:0.37
  • cpe:2.3:a:nlnet_labs:net_dns:0.38
    cpe:2.3:a:nlnet_labs:net_dns:0.38
  • cpe:2.3:a:nlnet_labs:net_dns:0.38_01
    cpe:2.3:a:nlnet_labs:net_dns:0.38_01
  • cpe:2.3:a:nlnet_labs:net_dns:0.38_02
    cpe:2.3:a:nlnet_labs:net_dns:0.38_02
  • cpe:2.3:a:nlnet_labs:net_dns:0.39
    cpe:2.3:a:nlnet_labs:net_dns:0.39
  • cpe:2.3:a:nlnet_labs:net_dns:0.39_01
    cpe:2.3:a:nlnet_labs:net_dns:0.39_01
  • cpe:2.3:a:nlnet_labs:net_dns:0.39_02
    cpe:2.3:a:nlnet_labs:net_dns:0.39_02
  • cpe:2.3:a:nlnet_labs:net_dns:0.40
    cpe:2.3:a:nlnet_labs:net_dns:0.40
  • cpe:2.3:a:nlnet_labs:net_dns:0.40_01
    cpe:2.3:a:nlnet_labs:net_dns:0.40_01
  • cpe:2.3:a:nlnet_labs:net_dns:0.41
    cpe:2.3:a:nlnet_labs:net_dns:0.41
  • cpe:2.3:a:nlnet_labs:net_dns:0.42
    cpe:2.3:a:nlnet_labs:net_dns:0.42
  • cpe:2.3:a:nlnet_labs:net_dns:0.42_01
    cpe:2.3:a:nlnet_labs:net_dns:0.42_01
  • cpe:2.3:a:nlnet_labs:net_dns:0.42_02
    cpe:2.3:a:nlnet_labs:net_dns:0.42_02
  • cpe:2.3:a:nlnet_labs:net_dns:0.43
    cpe:2.3:a:nlnet_labs:net_dns:0.43
  • cpe:2.3:a:nlnet_labs:net_dns:0.44
    cpe:2.3:a:nlnet_labs:net_dns:0.44
  • cpe:2.3:a:nlnet_labs:net_dns:0.44_01
    cpe:2.3:a:nlnet_labs:net_dns:0.44_01
  • cpe:2.3:a:nlnet_labs:net_dns:0.44_02
    cpe:2.3:a:nlnet_labs:net_dns:0.44_02
  • cpe:2.3:a:nlnet_labs:net_dns:0.45
    cpe:2.3:a:nlnet_labs:net_dns:0.45
  • cpe:2.3:a:nlnet_labs:net_dns:0.45_01
    cpe:2.3:a:nlnet_labs:net_dns:0.45_01
  • cpe:2.3:a:nlnet_labs:net_dns:0.46
    cpe:2.3:a:nlnet_labs:net_dns:0.46
  • cpe:2.3:a:nlnet_labs:net_dns:0.47
    cpe:2.3:a:nlnet_labs:net_dns:0.47
  • cpe:2.3:a:nlnet_labs:net_dns:0.47_01
    cpe:2.3:a:nlnet_labs:net_dns:0.47_01
  • cpe:2.3:a:nlnet_labs:net_dns:0.48
    cpe:2.3:a:nlnet_labs:net_dns:0.48
  • cpe:2.3:a:nlnet_labs:net_dns:0.48_01
    cpe:2.3:a:nlnet_labs:net_dns:0.48_01
  • cpe:2.3:a:nlnet_labs:net_dns:0.48_02
    cpe:2.3:a:nlnet_labs:net_dns:0.48_02
  • cpe:2.3:a:nlnet_labs:net_dns:0.48_03
    cpe:2.3:a:nlnet_labs:net_dns:0.48_03
  • cpe:2.3:a:nlnet_labs:net_dns:0.49
    cpe:2.3:a:nlnet_labs:net_dns:0.49
  • cpe:2.3:a:nlnet_labs:net_dns:0.49_01
    cpe:2.3:a:nlnet_labs:net_dns:0.49_01
  • cpe:2.3:a:nlnet_labs:net_dns:0.49_02
    cpe:2.3:a:nlnet_labs:net_dns:0.49_02
  • cpe:2.3:a:nlnet_labs:net_dns:0.49_03
    cpe:2.3:a:nlnet_labs:net_dns:0.49_03
  • cpe:2.3:a:nlnet_labs:net_dns:0.50
    cpe:2.3:a:nlnet_labs:net_dns:0.50
  • cpe:2.3:a:nlnet_labs:net_dns:0.51
    cpe:2.3:a:nlnet_labs:net_dns:0.51
  • cpe:2.3:a:nlnet_labs:net_dns:0.51_01
    cpe:2.3:a:nlnet_labs:net_dns:0.51_01
  • cpe:2.3:a:nlnet_labs:net_dns:0.51_02
    cpe:2.3:a:nlnet_labs:net_dns:0.51_02
  • cpe:2.3:a:nlnet_labs:net_dns:0.52
    cpe:2.3:a:nlnet_labs:net_dns:0.52
  • cpe:2.3:a:nlnet_labs:net_dns:0.53
    cpe:2.3:a:nlnet_labs:net_dns:0.53
  • cpe:2.3:a:nlnet_labs:net_dns:0.53_01
    cpe:2.3:a:nlnet_labs:net_dns:0.53_01
  • cpe:2.3:a:nlnet_labs:net_dns:0.53_02
    cpe:2.3:a:nlnet_labs:net_dns:0.53_02
  • cpe:2.3:a:nlnet_labs:net_dns:0.54
    cpe:2.3:a:nlnet_labs:net_dns:0.54
  • cpe:2.3:a:nlnet_labs:net_dns:0.55
    cpe:2.3:a:nlnet_labs:net_dns:0.55
  • cpe:2.3:a:nlnet_labs:net_dns:0.56
    cpe:2.3:a:nlnet_labs:net_dns:0.56
  • cpe:2.3:a:nlnet_labs:net_dns:0.57
    cpe:2.3:a:nlnet_labs:net_dns:0.57
  • cpe:2.3:a:nlnet_labs:net_dns:0.58
    cpe:2.3:a:nlnet_labs:net_dns:0.58
  • cpe:2.3:a:nlnet_labs:net_dns:0.59
    cpe:2.3:a:nlnet_labs:net_dns:0.59
CVSS
Base: 4.3 (as of 27-06-2007 - 14:01)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11702.NASL
    description perl-Net-DNS uses sequential IDs for DNS lookups which could cause problems with some programs like spamassassin. It potentially also simplifies DNS spoofing attacks against perl-Net-DNS. (CVE-2007-3377) Additionally, malformed compressed DNS packets could trigger an endless loop in perl-Net-DNS. (CVE-2007-3409)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41146
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41146
    title SuSE9 Security Update : perl-Net-DNS (YOU Patch Number 11702)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0674.NASL
    description Updated perl-Net-DNS packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Net::DNS is a collection of Perl modules that act as a Domain Name System (DNS) resolver. A flaw was found in the way Net::DNS generated the ID field in a DNS query. This predictable ID field could be used by a remote attacker to return invalid DNS data. (CVE-2007-3377) A denial of service flaw was found in the way Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding. (CVE-2007-3409) Users of Net::DNS should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25726
    published 2007-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25726
    title RHEL 3 / 5 : perl-Net-DNS (RHSA-2007:0674)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_D2B8A9633D5911DCB3D30016179B2DD5.NASL
    description A Secunia Advisory reports : An error exists in the handling of DNS queries where IDs are incremented with a fixed value and are additionally used for child processes in a forking server. This can be exploited to poison the DNS cache of an application using the module if a valid ID is guessed. An error in the PP implementation within the 'dn_expand()' function can be exploited to cause a stack overflow due to an endless loop via a specially crafted DNS packet.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25807
    published 2007-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25807
    title FreeBSD : p5-Net-DNS -- multiple Vulnerabilities (d2b8a963-3d59-11dc-b3d3-0016179b2dd5)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1515.NASL
    description Several remote vulnerabilities have been discovered in libnet-dns-perl. The Common Vulnerabilities and Exposures project identifies the following problems : It was discovered that libnet-dns-perl generates very weak transaction IDs when sending queries (CVE-2007-3377 ). This update switches transaction ID generation to the Perl random generator, making prediction attacks more difficult. Compression loops in domain names resulted in an infinite loop in the domain name expander written in Perl (CVE-2007-3409 ). The Debian package uses an expander written in C by default, but this vulnerability has been addressed nevertheless. Decoding malformed A records could lead to a crash (via an uncaught Perl exception) of certain applications using libnet-dns-perl (CVE-2007-6341 ).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31426
    published 2008-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31426
    title Debian DSA-1515-1 : libnet-dns-perl - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PERL-NET-DNS-3961.NASL
    description perl-Net-DNS used sequential IDs for DNS lookups which could cause problem with some programs like spamassassin. It potentially also simplified DNS spoofing attacks against perl-Net-DNS (CVE-2007-3377). Additionally malformed compressed DNS packets could trigger an endless loop in perl-Net-DNS (CVE-2007-3409).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27387
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27387
    title openSUSE 10 Security Update : perl-Net-DNS (perl-Net-DNS-3961)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-146.NASL
    description A flaw was discovered in the perl Net::DNS module in the way it generated the ID field in a DNS query. Because it is so predictable, a remote attacker could exploit this to return invalid DNS data (CVE-2007-3377). A denial of service vulnerability was found in how Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding (CVE-2007-3409). The updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25721
    published 2007-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25721
    title Mandrake Linux Security Advisory : perl-Net-DNS (MDKSA-2007:146)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200708-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200708-06 (Net::DNS: Multiple vulnerabilities) hjp discovered an error when handling DNS query IDs which make them partially predictable. Steffen Ullrich discovered an error in the dn_expand() function which could lead to an endless loop. Impact : A remote attacker could send a specially crafted DNS request to the server which could result in a Denial of Service with an infinite recursion, or perform a cache poisoning attack. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 25871
    published 2007-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25871
    title GLSA-200708-06 : Net::DNS: Multiple vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0674.NASL
    description From Red Hat Security Advisory 2007:0674 : Updated perl-Net-DNS packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Net::DNS is a collection of Perl modules that act as a Domain Name System (DNS) resolver. A flaw was found in the way Net::DNS generated the ID field in a DNS query. This predictable ID field could be used by a remote attacker to return invalid DNS data. (CVE-2007-3377) A denial of service flaw was found in the way Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding. (CVE-2007-3409) Users of Net::DNS should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67541
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67541
    title Oracle Linux 5 : perl-Net-DNS (ELSA-2007-0674)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-483-1.NASL
    description Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible man-in-the-middle attacks. (CVE-2007-3377) Steffen Ullrich discovered that the Net::DNS Perl module did not correctly detect recursive compressed responses. A remote attacker could send a specially crafted packet, causing applications using Net::DNS to crash or monopolize CPU resources, leading to a denial of service. (CVE-2007-3409). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28084
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28084
    title Ubuntu 6.06 LTS / 6.10 : libnet-dns-perl vulnerabilities (USN-483-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0674.NASL
    description Updated perl-Net-DNS packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Net::DNS is a collection of Perl modules that act as a Domain Name System (DNS) resolver. A flaw was found in the way Net::DNS generated the ID field in a DNS query. This predictable ID field could be used by a remote attacker to return invalid DNS data. (CVE-2007-3377) A denial of service flaw was found in the way Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding. (CVE-2007-3409) Users of Net::DNS should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25714
    published 2007-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25714
    title CentOS 3 / 5 : perl-Net-DNS (CESA-2007:0674)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PERL-NET-DNS-4046.NASL
    description perl-Net-DNS used sequential IDs for DNS lookups which could cause problem with some programs like spamassassin. It potentially also simplified DNS spoofing attacks against perl-Net-DNS. (CVE-2007-3377) Additionally malformed compressed DNS packets could trigger an endless loop in perl-Net-DNS. (CVE-2007-3409)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29551
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29551
    title SuSE 10 Security Update : perl-Net-DNS (ZYPP Patch Number 4046)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070712_PERL_NET_DNS_ON_SL3_0_X.NASL
    description A flaw was found in the way Net::DNS generated the ID field in a DNS query. This predictable ID field could be used by a remote attacker to return invalid DNS data. (CVE-2007-3377) A denial of service flaw was found in the way Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding. (CVE-2007-3409)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60223
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60223
    title Scientific Linux Security Update : perl-Net-DNS on SL3.0.x, SL4.x, SL5.x i386/x86_64
oval via4
accepted 2013-04-29T04:06:57.384-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
family unix
id oval:org.mitre.oval:def:10595
status accepted
submitted 2010-07-09T03:56:16-04:00
title Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
version 24
redhat via4
advisories
bugzilla
id 245804
title CVE-2007-3409 Perl Net::DNS denial of service
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • comment perl-Net-DNS is earlier than 0:0.31-4.el3
      oval oval:com.redhat.rhsa:tst:20070674002
    • comment perl-Net-DNS is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070674003
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment perl-Net-DNS is earlier than 0:0.59-3.el5
      oval oval:com.redhat.rhsa:tst:20070674005
    • comment perl-Net-DNS is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070674006
rhsa
id RHSA-2007:0674
released 2007-07-12
severity Moderate
title RHSA-2007:0674: perl-Net-DNS security update (Moderate)
rpms
  • perl-Net-DNS-0:0.31-4.el3
  • perl-Net-DNS-0:0.59-3.el5
refmap via4
bid 24669
bugtraq 20070717 rPSA-2007-0142-1 perl-Net-DNS
confirm
debian DSA-1515
gentoo GLSA-200708-06
mandriva MDKSA-2007:146
osvdb 37054
sectrack 1018376
secunia
  • 25829
  • 26012
  • 26014
  • 26055
  • 26075
  • 26211
  • 26231
  • 26417
  • 26543
  • 29354
sgi 20070701-01-P
suse SUSE-SR:2007:017
trustix 2007-0023
ubuntu USN-483-1
Last major update 30-10-2012 - 22:38
Published 26-06-2007 - 14:30
Last modified 16-10-2018 - 12:49
Back to Top