thr3ads.net - Secure testing commits - [Secure-testing-commits] r9267

If this information is useful, please help other people find it:
Share via:

fw at alioth.debian.org

2008-Jul-09 08:55 UTC

[Secure-testing-commits] r9267 - data/CVE

Author: fw
Date: 2008-07-09 08:55:33 +0000 (Wed, 09 Jul 2008)
New Revision: 9267

Modified:
   data/CVE/list
Log:
CVE-2008-1447: add more DNS implementations

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-07-08 23:15:14 UTC (rev 9266)
+++ data/CVE/list	2008-07-09 08:55:33 UTC (rev 9267)
@@ -3628,10 +3628,15 @@
 	RESERVED
 CVE-2008-1448
 	RESERVED
-CVE-2008-1447
+CVE-2008-1447 [lack of source port randomization in DNS resolvers]
 	RESERVED
 	{DSA-1603-1}
-	- bind9 1:9.5.0.dfsg-5
+	- bind9 1:9.5.0.dfsg-5 (high)
+	- glibc <unfixed> (medium)
+	- dnsmasq <unfixed> (medium)
+	- pdnsd <unfixed> (medium)
+	NOTE: Unbound and PowerDNS are affected by the underlying protocol issue, but
+	NOTE: already use source port randomization.
 CVE-2008-1446
 	RESERVED
 CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP
Professional ...)

Secure testing commits - Jul 2008 - r9267 - data/CVE

[Secure-testing-commits] r9267 - data/CVE