CVE-2007-3409

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.

CVSS v3 7.5 HIGH
CVSS v2.0 4.3 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc	Broken Link
http://osvdb.org/37054	Broken Link
http://rt.cpan.org/Public/Bug/Display.html?id=27285	Broken Link
http://secunia.com/advisories/25829	Broken Link
http://secunia.com/advisories/26012	Broken Link
http://secunia.com/advisories/26014	Broken Link
http://secunia.com/advisories/26055	Broken Link
http://secunia.com/advisories/26075	Broken Link
http://secunia.com/advisories/26211	Broken Link
http://secunia.com/advisories/26231	Broken Link
http://secunia.com/advisories/26417	Broken Link
http://secunia.com/advisories/26543	Broken Link
http://secunia.com/advisories/29354	Broken Link
http://www.debian.org/security/2008/dsa-1515	Mailing List Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:146	Third Party Advisory
http://www.net-dns.org/docs/Changes.html	Release Notes
http://www.novell.com/linux/security/advisories/2007_17_sr.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0674.html	Broken Link
http://www.securityfocus.com/archive/1/473871/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/24669	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1018376	Broken Link Third Party Advisory VDB Entry
http://www.trustix.org/errata/2007/0023/	Broken Link
http://www.ubuntu.com/usn/usn-483-1	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10595	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:net-dns:net\:\:dns:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

History

03 Feb 2024, 02:30

Information

Published : 2007-06-26 18:30

Updated : 2024-02-03 02:30

NVD link : CVE-2007-3409

Mitre link : CVE-2007-3409

CVE.ORG link : CVE-2007-3409

JSON object : View

Products Affected

net-dns

net\

canonical

ubuntu_linux

debian

debian_linux

CWE

CWE-674

Uncontrolled Recursion

Type	Values Removed	Values Added
References	~~() ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc -~~	() ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc - Broken Link
References	~~() http://osvdb.org/37054 -~~	() http://osvdb.org/37054 - Broken Link
References	~~() http://rt.cpan.org/Public/Bug/Display.html?id=27285 -~~	() http://rt.cpan.org/Public/Bug/Display.html?id=27285 - Broken Link
References	~~() http://secunia.com/advisories/25829 -~~	() http://secunia.com/advisories/25829 - Broken Link
References	~~() http://secunia.com/advisories/26012 -~~	() http://secunia.com/advisories/26012 - Broken Link
References	~~() http://secunia.com/advisories/26014 -~~	() http://secunia.com/advisories/26014 - Broken Link
References	~~() http://secunia.com/advisories/26055 -~~	() http://secunia.com/advisories/26055 - Broken Link
References	~~() http://secunia.com/advisories/26075 -~~	() http://secunia.com/advisories/26075 - Broken Link
References	~~() http://secunia.com/advisories/26211 -~~	() http://secunia.com/advisories/26211 - Broken Link
References	~~() http://secunia.com/advisories/26231 -~~	() http://secunia.com/advisories/26231 - Broken Link
References	~~() http://secunia.com/advisories/26417 -~~	() http://secunia.com/advisories/26417 - Broken Link
References	~~() http://secunia.com/advisories/26543 -~~	() http://secunia.com/advisories/26543 - Broken Link
References	~~() http://secunia.com/advisories/29354 -~~	() http://secunia.com/advisories/29354 - Broken Link
References	~~() http://www.debian.org/security/2008/dsa-1515 -~~	() http://www.debian.org/security/2008/dsa-1515 - Mailing List, Third Party Advisory
References	~~() http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml -~~	() http://www.gentoo.org/security/en/glsa/glsa-200708-06.xml - Third Party Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDKSA-2007:146 -~~	() http://www.mandriva.com/security/advisories?name=MDKSA-2007:146 - Third Party Advisory
References	~~() http://www.net-dns.org/docs/Changes.html -~~	() http://www.net-dns.org/docs/Changes.html - Release Notes
References	~~() http://www.novell.com/linux/security/advisories/2007_17_sr.html -~~	() http://www.novell.com/linux/security/advisories/2007_17_sr.html - Broken Link
References	~~() http://www.redhat.com/support/errata/RHSA-2007-0674.html -~~	() http://www.redhat.com/support/errata/RHSA-2007-0674.html - Broken Link
References	~~() http://www.securityfocus.com/archive/1/473871/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/473871/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/bid/24669 -~~	() http://www.securityfocus.com/bid/24669 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id?1018376 -~~	() http://www.securitytracker.com/id?1018376 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.trustix.org/errata/2007/0023/ -~~	() http://www.trustix.org/errata/2007/0023/ - Broken Link
References	~~() http://www.ubuntu.com/usn/usn-483-1 -~~	() http://www.ubuntu.com/usn/usn-483-1 - Third Party Advisory
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10595 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10595 - Broken Link
First Time		Debian Canonical Net-dns net\ Debian debian Linux Canonical ubuntu Linux Net-dns
CVSS	v2 : ~~4.3~~ v3 : ~~unknown~~	v2 : 4.3 v3 : 7.5
CPE	cpe:2.3:a:nlnet_labs:net_dns:0.49_02:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.51:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.44_01:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.34_02:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.39_01:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.14:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.52:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.22:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.45:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.30:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.42_02:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.57:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.43:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.40_01:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.53:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.42:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.35:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.56:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.45_01:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.49_03:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.38_01:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.48_02:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.38:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.47:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.50:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.44_02:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.38_02:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.51_01:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.32:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.23:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.51_02:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.44:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.29:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.34_03:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.42_01:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.53_02:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.25:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.26:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.48:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.34:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.37:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.54:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.24:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.33:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.59:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.55:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.36:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.39_02:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.31:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.41:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.53_01:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.49_01:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.27:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.49:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.48_03:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.46:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.21:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.28:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.39:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.47_01:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.48_01:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.20:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.58:::::::* cpe:2.3:a:nlnet_labs:net_dns:0.40:::::::*	cpe:2.3:o:debian:debian_linux:3.1:::::::* cpe:2.3:a:net-dns:net\:\:dns:::::::: cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::* cpe:2.3:o:debian:debian_linux:4.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
CWE	~~NVD-CWE-Other~~	CWE-674

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2007-3409

7.5^/10

4.3^/10

Attach tags to `CVE-2007-3409`