6.8

CVE-2008-1637

Exploit

EPSS 0.03%
Veröffentlicht 02.04.2008 17:44:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 21

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Powerdns ≫ Recursor Version <= 3.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.044

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html

http://secunia.com/advisories/30581

http://doc.powerdns.com/changelog.html

http://doc.powerdns.com/powerdns-advisory-2008-01.html

Patch

Exploit

http://secunia.com/advisories/29584

Vendor Advisory

Exploit

http://secunia.com/advisories/29737

http://secunia.com/advisories/29764

http://secunia.com/advisories/29830

http://security.gentoo.org/glsa/glsa-200804-22.xml

http://www.debian.org/security/2008/dsa-1544

http://www.securityfocus.com/archive/1/490330/100/0/threaded

http://www.securityfocus.com/bid/28517

http://www.trusteer.com/docs/PowerDNS_recursor_DNS_Cache_Poisoning.pdf

Exploit

http://www.trusteer.com/docs/powerdnsrecursor.html

Exploit

http://www.vupen.com/english/advisories/2008/1046/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41534

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00198.html

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00224.html

https://nvd.nist.gov/vuln/detail/CVE-2008-1637

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1637

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1637

EUVD