Lucene search
GoogleOSV:DSA-1544-2HistoryJul 16, 2008 - 12:00 a.m.
pdns-recursor - predictable randomness
2008-07-1600:00:00
Google
osv.dev
14
EPSS
0.008
Percentile
81.5%
Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a
weak random number generator to create DNS transaction IDs and UDP
source port numbers. As a result, cache poisoning attacks were
simplified. (CVE-2008-1637
and CVE-2008-3217)
For the stable distribution (etch), these problems have been fixed in
version 3.1.4-1+etch2.
For the unstable distribution (sid), these problems have been fixed in
version 3.1.7-1.
We recommend that you upgrade your pdns-recursor package.
References
Related
cve
cve
ubuntucve
ubuntucve
prion
prion
Input validation
2008-07-18 16:41:00
Improper access control
2008-04-02 17:44:00
Code injection
2008-08-08 19:41:00
debiancve
debiancve
gentoo
gentoo
PowerDNS Recursor: DNS Cache Poisoning
2008-04-18 00:00:00
nessus
nessus
Debian DSA-1544-2 : pdns-recursor - design flaw
2008-04-17 00:00:00
GLSA-200804-22 : PowerDNS Recursor: DNS Cache Poisoning
2008-04-22 00:00:00
osv
osv
pdns-recursor - cache poisoning vulnerability
2008-07-16 00:00:00
cvelist
cvelist
openvas
openvas
Debian: Security Advisory (DSA-1544-2)
2008-08-15 00:00:00
Fedora Update for pdns-recursor FEDORA-2008-6893
2009-02-17 00:00:00
Fedora Update for pdns-recursor FEDORA-2008-3010
2009-02-17 00:00:00
nvd
nvd
fedora
fedora
[SECURITY] Fedora 9 Update: pdns-recursor-3.1.7-2.fc9
2008-07-30 20:11:54
[SECURITY] Fedora 7 Update: pdns-recursor-3.1.5-1.fc7
2008-04-09 05:22:07
[SECURITY] Fedora 8 Update: pdns-recursor-3.1.5-1.fc8
2008-04-09 05:23:39
debian
debian
securityvulns
securityvulns
Multiple DNS servers and clients DNS records spoofing
2008-07-29 00:00:00
redhatcve
redhatcve
CVE-2008-3337
2019-10-04 20:21:18