Lucas Teichmann

**Name of the Vulnerable Software and Affected Versions** dproxy-nexgen (affected versions not specified) **Description** The issue allows attackers to conduct DNS cache-poisoning attacks because the DNS transaction id (TXID) value from client queries is re-used. This enables attackers, who can send queries to the resolver, to exploit the known TXID value. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dproxy-nexgen (affected versions not specified) **Description** The issue allows DNS cache poisoning due to the use of a static UDP source port with insufficient entropy to prevent traffic injection attacks. This occurs because dproxy-nexgen selects the UDP source port randomly only at boot time in upstream queries sent to DNS resolvers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dproxy-nexgen (affected versions not specified) **Description** The issue arises from the misinterpretation of special domain name characters in dproxy-nexgen, leading to cache poisoning. This occurs because domain names and their associated IP addresses are cached in their misinterpreted form. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dproxy-nexgen (affected versions not specified) **Description** The issue concerns dproxy-nexgen forwarding and caching DNS queries with the CD bit set to 1, which leads to the disabling of DNSSEC protection provided by upstream resolvers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DNRD (aka Domain Name Relay Daemon) version 2.20.3 **Description** The issue concerns the forwarding and caching of DNS queries with the CD bit set to 1, which results in the disabling of DNSSEC protection provided by upstream resolvers. This affects the security of DNS queries. **Recommendations** For DNRD version 2.20.3, consider disabling the caching of DNS queries with the CD bit set to 1 until a patch is available. Restrict access to the DNS query forwarding feature to minimize the risk of exploitation. Avoid using the CD bit in DNS queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DNRD (aka Domain Name Relay Daemon) version 2.20.3 **Description** The issue arises from the misinterpretation of special domain name characters, leading to cache poisoning. This occurs because domain names and their associated IP addresses are cached in their misinterpreted form. **Recommendations** For DNRD (aka Domain Name Relay Daemon) version 2.20.3, consider disabling the caching functionality until a patch is available to prevent cache poisoning. Restrict access to the domain name resolution service to minimize the risk of exploitation. Avoid using special domain name characters in the affected DNRD version until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** totd version 1.5.3 **Description** The issue allows DNS cache poisoning due to the use of a fixed UDP source port in upstream queries sent to DNS resolvers, resulting in insufficient entropy to prevent traffic injection attacks. **Recommendations** For totd version 1.5.3, consider implementing a random UDP source port for upstream queries to DNS resolvers to prevent traffic injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.