You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2008/03/27 16:15:55 UTC

Net::DNS .060 allows remote attackers to cause DOS

From:
http://search.cpan.org/src/OLAF/Net-DNS-0.63/Changes

Fix rt.cpan.org #30316  Security issue with Net::DNS Resolver.

  Net/DNS/RR/A.pm in Net::DNS 0.60 build 654 allows remote attackers  to 
cause a denial of service (program "croak") via a crafted DNS
  response (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6341). Packet  
parsing routines are now enclosed in eval blocks to trap exception
  and avoid premature termination of user program.

Fix: Update to 0.63.

Note: to Freebsd Ports SpamAssassin users: A minor update to SA will 
include dependency on 0.63.  pt-Net-DNS was updated on ports tree 10 
days ago:
http://www.freebsd.org/cgi/query-pr.cgi?pr=120702

An official update to SA ports version 3.4.2_3 will be send to ports 
shortly.

-- 
Michael Scheidell, CTO
Main: 561-999-5000, Office: 561-939-7259
 > *| *SECNAP Network Security Corporation
Winner 2008 Technosium hot company award.
www.technosium.com/hotcompanies/ <http://www.technosium.com/hotcompanies/>


_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(tm). 
For Information please see http://www.spammertrap.com
_________________________________________________________________________

RE: :DNS .060 allows remote attackers to cause DOS

Posted by Robert - elists <li...@abbacomm.net>.

 

 

From: 
http://search.cpan.org/src/OLAF/Net-DNS-0.63/Changes

Fix rt.cpan.org #30316  Security issue with Net::DNS Resolver.

  Net/DNS/RR/A.pm in Net::DNS 0.60 build 654 allows remote attackers  to
cause a denial of service (program "croak") via a crafted DNS
  response (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6341). Packet
parsing routines are now enclosed in eval blocks to trap exception
  and avoid premature termination of user program.

Fix: Update to 0.63.

Note: to Freebsd Ports SpamAssassin users: A minor update to SA will include
dependency on 0.63.  pt-Net-DNS was updated on ports tree 10 days ago:
http://www.freebsd.org/cgi/query-pr.cgi?pr=120702

An official update to SA ports version 3.4.2_3 will be send to ports shortly

 

Hmmmmm.

 

Is the post above from Scheidell a BSD *port* update only related issue
posting ???

 

There have been 3 updates to perl-Net-DNS in the last 8 months since .60

 

We have been using .63 since about Feb 21 2008

 

 - rh

Re: Net::DNS .060 allows remote attackers to cause DOS

Posted by mouss <mo...@netoyen.net>.

Michael Scheidell wrote:
> From:
> http://search.cpan.org/src/OLAF/Net-DNS-0.63/Changes
>
> Fix rt.cpan.org #30316  Security issue with Net::DNS Resolver.
>
>  Net/DNS/RR/A.pm in Net::DNS 0.60 build 654 allows remote attackers  
> to cause a denial of service (program "croak") via a crafted DNS
>  response (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6341). Packet  
> parsing routines are now enclosed in eval blocks to trap exception
>  and avoid premature termination of user program.
>
> Fix: Update to 0.63.
>
> Note: to Freebsd Ports SpamAssassin users: A minor update to SA will 
> include dependency on 0.63.  pt-Net-DNS was updated on ports tree 10 
> days ago:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=120702
>
> An official update to SA ports version 3.4.2_3 will be send to ports 
> shortly.

you mean 3.4.2_3 I guess.

PS. shouldn't the audit db be updated?