Package: libnet-dns-perl
Version: 0.63-2
Severity: important
Tags: security

Hi,

From inspecting the code of libnet-dns-perl, it seems that it is not using the recommended source port randomisation for countering the cache poisoning attack as discovered by Dan Kaminsky and referenced as CVE-2008-1447. In 0.60 code was added to set it to "0" which will make more recent kernels randomise it, but this doesn't work on older kernels.

Since this is a stub resolver the risk is lesser than for caching nameservers, but nonetheless this is an issue which we really should be fixing in lenny.

Can you please look into that? As it seems a fix for important bugs can still be granted a freeze exception. If a straightforward fix is available for etch, it would be released by the security team.

thanks,
Thijs
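A host-side check for the behaviour the report describes, as an added example that is not part of the original message or of Net::DNS: it binds UDP sockets to port 0 and classifies the ports the kernel hands out as fixed, sequential or randomised. The function names, the `max_step` window and the 0.8 threshold are assumptions chosen for illustration.

```python
import socket


def sample_ephemeral_ports(count=32):
    """Bind `count` UDP sockets to port 0 and return the ports the kernel chose.

    Sockets are held open until sampling ends so a port cannot be handed out twice.
    """
    socks, ports = [], []
    try:
        for _ in range(count):
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            socks.append(s)
            s.bind(("127.0.0.1", 0))  # port 0: selection is left to the kernel
            ports.append(s.getsockname()[1])
    finally:
        for s in socks:
            s.close()
    return ports


def assess_ports(ports, max_step=16, threshold=0.8):
    """Classify a port sequence as 'fixed', 'sequential' or 'randomised'.

    'sequential' means at least `threshold` of consecutive allocations moved
    forward by 1..max_step ports, i.e. the next source port is guessable.
    (max_step and threshold are illustrative assumptions.)
    """
    if len(ports) < 8:
        raise ValueError("need at least 8 samples")
    if len(set(ports)) == 1:
        return "fixed"
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if 0 < d <= max_step)
    return "sequential" if small / len(deltas) >= threshold else "randomised"


if __name__ == "__main__":
    observed = sample_ephemeral_ports()
    print(assess_ports(observed), observed[:8])
```

A "sequential" or "fixed" result on a host means that setting the resolver's source port to 0 gives no protection there, and the library has to pick a random port itself.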