CVE-2007-2188

eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.

Date published : 2007-04-24

http://www.securityfocus.com/bid/23577

http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0569.html