6.8

CVE-2008-1637

Exploit

EPSS 0.03%
Published 02.04.2008 17:44:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.

Affected products Warnungen 0 Metrics 2 CWE 0 References 21

Data is provided by the National Vulnerability Database (NVD)

Powerdns ≫ Recursor Version <= 3.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.044

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html

http://secunia.com/advisories/30581

http://doc.powerdns.com/changelog.html

http://doc.powerdns.com/powerdns-advisory-2008-01.html

Patch

Exploit

http://secunia.com/advisories/29584

Vendor Advisory

Exploit

http://secunia.com/advisories/29737

http://secunia.com/advisories/29764

http://secunia.com/advisories/29830

http://security.gentoo.org/glsa/glsa-200804-22.xml

http://www.debian.org/security/2008/dsa-1544

http://www.securityfocus.com/archive/1/490330/100/0/threaded

http://www.securityfocus.com/bid/28517

http://www.trusteer.com/docs/PowerDNS_recursor_DNS_Cache_Poisoning.pdf

Exploit

http://www.trusteer.com/docs/powerdnsrecursor.html

Exploit

http://www.vupen.com/english/advisories/2008/1046/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41534

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00198.html

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00224.html

https://nvd.nist.gov/vuln/detail/CVE-2008-1637

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1637

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1637

EUVD