Ubuntu
libnet-dns-perl package

CVE-2007-6341 libnet-dns-perl possible denial of service (program "croak") via a crafted DNS response.

Bug #205721 reported by Emanuele Gentili on 2008-03-23

254

	Status	Importance	Assigned to
libnet-dns-perl (Debian)	Fix Released	Unknown	debbugs #457445
libnet-dns-perl (Ubuntu)	Fix Released	Medium	Scott Kitterman
Dapper	Fix Released	Medium	Emanuele Gentili
Edgy	Fix Released	Medium	Emanuele Gentili
Feisty	Fix Released	Medium	Emanuele Gentili
Gutsy	Fix Released	Medium	Emanuele Gentili

Bug Description

Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6341
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457445

Fixed in hardy by sync from Debian Unstable, bug #201454

CVE References

2007-6341

Emanuele Gentili (emgent) on 2008-03-23

Changed in libnet-dns-perl:
assignee:	nobody → emgent
importance:	Undecided → Medium
status:	New → In Progress

Scott Kitterman (kitterman) on 2008-03-23

Changed in libnet-dns-perl:
importance:	Undecided → Medium
status:	New → Confirmed
assignee:	nobody → emgent
status:	New → In Progress
assignee:	nobody → emgent
importance:	Undecided → Medium
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → emgent
importance:	Undecided → Medium
status:	New → In Progress

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-03-23:

gutsy_libnet-dns-perl_0.60-1ubuntu0.1.debdiff Edit (1.9 KiB, text/plain)

please use this, corrected debdiff.

Revision history for this message

Scott Kitterman (kitterman) wrote on 2008-03-23:

Fixed in Hardy.

Changed in libnet-dns-perl:
assignee:	emgent → kitterman
status:	In Progress → Fix Released

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-03-23:

feisty_libnet-dns-perl_0.59-1build1.2.debdiff Edit (1.9 KiB, text/plain)

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-03-23:

edgy_libnet-dns-perl_0.57-1ubuntu1.1.debdiff Edit (1.9 KiB, text/plain)

corrected debdiff for edgy.

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-03-23:

dapper_libnet-dns-perl_0.53-2ubuntu1.1.debdiff Edit (1.9 KiB, text/plain)

dapper ready too, waiting uploads.

Thanks.

Emanuele Gentili (emgent) on 2008-03-25

Changed in libnet-dns-perl:
assignee:	nobody → emgent
status:	Confirmed → In Progress

Revision history for this message

Kees Cook (kees) wrote on 2008-03-25:

Thanks! I have created a new testing script "test-libnet-dns-perl.py" in the qa-regression-testing bzr tree, which includes the CVE reproducer. These have been uploaded and will be published shortly.

Kees Cook (kees) on 2008-03-25

Changed in libnet-dns-perl:
status:	In Progress → Fix Committed
status:	In Progress → Fix Committed
status:	In Progress → Fix Committed
status:	In Progress → Fix Committed

Bug Watch Updater (bug-watch-updater) on 2008-03-26

Changed in libnet-dns-perl:
status:	Unknown → Fix Released

Emanuele Gentili (emgent) on 2008-03-27

Changed in libnet-dns-perl:
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

debbugs #457445
[done grave security] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntulibnet-dns-perl package

CVE-2007-6341 libnet-dns-perl possible denial of service (program "croak") via a crafted DNS response.

Bug Description

CVE References

Other bug subscribers

Patches

Remote bug watches

Ubuntu
libnet-dns-perl package