CVE-2022-34294: totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks. "Because the projects age, there are no patches available for the described issues."
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=263ada4ff064f2efbf53f85971b53dbb202a8d6a

commit 263ada4ff064f2efbf53f85971b53dbb202a8d6a
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2024-01-07 01:00:40 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-01-07 01:00:53 +0000

    profiles: last rite net-dns/totd

    Bug: https://bugs.gentoo.org/856466
    Bug: https://bugs.gentoo.org/865253
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63b794b3a21829c48815eb69dd2358470a8e1814

commit 63b794b3a21829c48815eb69dd2358470a8e1814
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2024-02-10 12:06:51 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2024-02-10 12:06:51 +0000

    net-dns/totd: treeclean

    Closes: https://bugs.gentoo.org/861296
    Closes: https://bugs.gentoo.org/900058
    Bug: https://bugs.gentoo.org/856466
    Bug: https://bugs.gentoo.org/865253
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 net-dns/totd/Manifest                         |  1 -
 net-dns/totd/files/totd                       | 38 -------------------------
 net-dns/totd/files/totd-1.5.1-fix-CC.patch    | 11 --------
 net-dns/totd/files/totd-1.5.1-no_werror.patch | 11 --------
 net-dns/totd/metadata.xml                     | 10 -------
 net-dns/totd/totd-1.5.1.ebuild                | 40 ---------------------------
 profiles/package.mask                         |  5 ----
 7 files changed, 116 deletions(-)