Package: pdnsd Version: 1.2.4par-0.2 1.2.6-par-8 Severity: grave Tags: security
Hi, It seems that pdnsd is vulnerable to the DNS cache poisoning attack as described by Dan Kaminski and referenced as CVE-2008-1447. I'm not intimately aware of pdnsd; could you look into this issue and see whether it's indeed vulnerable and whether an updated package can be provided? Reading the source code didn't give me any indication of source port randomisation so I'm filing this as grave until we're either sure that it's not vulnerable or that a fix has been applied. thanks, Thijs -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.18-6-686 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
