Red Hat Bugzilla – Bug 426437
CVE-2007-6341 Perl crash by crafted response to Net::DNS
Last modified: 2008-03-19 06:44:55 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6341 to the following vulnerability:
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such
as SpamAssassin and OTRS, allows remote attackers to cause a denial of
service (program "croak") via a crafted DNS response.
This issue has no security impact. The flaw will cause Net::DNS to "croak",
which in turn should be handled by the calling application. In the case of
RHEL, the only known application that uses this functionality is Spamassassin.
Spamassassin handles this failure gracefully and continues to function, minus
the DNS tests.
This and similar vulnerabilities fixed in Net::DNS version 0.63.
Net::DNS version 0.63 is in rawhide.