CVE-2008-1637 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1637
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1637

Description: PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41534 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html SAID Secunia Advisory: SA29830 Secunia Advisory: SA30581 Secunia Advisory: SA29584 Secunia Advisory: SA29737 Secunia Advisory: SA29764 MISC http://www.trusteer.com/docs/powerdnsrecursor.html http://www.trusteer.com/docs/PowerDNS_recursor_DNS_Cache_Poisoning.pdf GENTOO http://security.gentoo.org/glsa/glsa-200804-22.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1544 CONFIRM http://doc.powerdns.com/changelog.html http://doc.powerdns.com/powerdns-advisory-2008-01.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/490330/100/0/threaded BID 28517

Return to the previous page.