Описание
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.
Ссылки
- Release NotesThird Party Advisory
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
- Release NotesThird Party Advisory
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 4.6.4 (включая)
cpe:2.3:a:butok:fnet:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00446
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-330
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.
EPSS
Процентиль: 63%
0.00446
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-330