CVE Vulnerabilities

CVE-2008-1637

Published: Apr 02, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.

Affected Software

Name Vendor Start Version End Version
Recursor Powerdns * 3.1.4
Pdns-recursor Ubuntu devel *
Pdns-recursor Ubuntu edgy *
Pdns-recursor Ubuntu feisty *
Pdns-recursor Ubuntu gutsy *
Pdns-recursor Ubuntu hardy *
Pdns-recursor Ubuntu intrepid *

References