CVE-2008-1637
Published: 2 April 2008
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.
Priority
Status
Package | Release | Status |
---|---|---|
pdns-recursor Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(3.1.4-6ubuntu1)
|
|
intrepid |
Released
(3.1.4-6ubuntu1)
|
|
upstream |
Needs triage
|