Description
PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
Exploits
No known exploits found for this CVE.
Search Exploit-DBReferences
secalert@redhat.com
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217secalert@redhat.com
http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelogsecalert@redhat.com
http://www.openwall.com/lists/oss-security/2008/09/11/1secalert@redhat.com
http://www.openwall.com/lists/oss-security/2008/09/16/4af854a3a-2127-422b-91ae-364da2661108
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217af854a3a-2127-422b-91ae-364da2661108
http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelogaf854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2008/09/11/1af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2008/09/16/4