resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2014-11-28T02:00:00

Updated: 2024-08-06T11:27:37.029Z

Reserved: 2014-07-10T00:00:00

Link: CVE-2014-4883

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-11-28T02:59:04.677

Modified: 2024-11-21T02:11:02.627

Link: CVE-2014-4883

cve-icon Redhat

No data.