Vulnerability in Net::DNS 0.60

Jeff A. Earickson jaearick at colby.edu
Fri Jan 4 19:46:25 GMT 2008


I just installed Net::DNS 0.62 onto my system running MS
MailScanner-4.66.5-2 (Solaris 10), no problems with doing this.
Denis, thanks for the warning...

Jeff Earickson
Colby College

On Fri, 4 Jan 2008, Julian Field wrote:

> Date: Fri, 04 Jan 2008 19:34:27 +0000
> From: Julian Field <MailScanner at ecs.soton.ac.uk>
> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: Vulnerability in Net::DNS 0.60
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Upgraded. There is a new version on the website which includes Net::DNS
> 0.62 instead of 0.60.
>
> Denis Beauchemin wrote:
>> Hello all,
>>
>> I just read the following:
>>
>> 07.52.14 CVE: CVE-2007-6341
>> Platform: Linux
>> Title: Perl Net::DNS DNS Response Remote Denial of Service
>> Description: The Perl Net::DNS module allows scripts written in Perl
>> to perform DNS queries. The application is exposed to a remote denial
>> of service issue due to a failure of the module to properly handle
>> malformed DNS responses. DNS version 0.60 is affected.
>> Ref: https://rt.cpan.org/Public/Bug/Display.html?id=30316
>>
>> Julian, your easy Clam+SA install package contains Net::DNS 0.60.  The
>> current version is 0.62.
>>
>> Denis
>>
>
> Jules
>
> - --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> MailScanner customisation, or any advanced system administration help?
> Contact me at Jules at Jules.FM
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.7.0 (Build 1012)
> Comment: Use Thunderbird's Enigmail add-on to verify this message
> Charset: ISO-8859-1
>
> wj8DBQFHfopEEfZZRxQVtlQRAq+TAJ9HzyClf73GOIwgsEITHjQd2ym9EgCeIsCL
> 41gQiXMouQRmVnvlIsoE3lc=
> =bTee
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>


More information about the MailScanner mailing list