CVE-2008-3217

Sažetak

PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.

Reference

http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6
http://secunia.com/advisories/31311
http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1179
http://www.openwall.com/lists/oss-security/2008/07/09/10
http://www.openwall.com/lists/oss-security/2008/07/10/6
http://www.openwall.com/lists/oss-security/2008/07/16/12
http://www.securityfocus.com/bid/30782
https://exchange.xforce.ibmcloud.com/vulnerabilities/43925
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01353.html

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-08-2017 - 01:31

Objavljeno

18-07-2008 - 16:41