6.8

CVE-2008-3217

EPSS 0%
Published 18.07.2008 16:41:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning.  NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Powerdns ≫ Recursor Version <= 3.1.5

Powerdns ≫ Recursor Version3.0

Powerdns ≫ Recursor Version3.0.1

Powerdns ≫ Recursor Version3.1.1

Powerdns ≫ Recursor Version3.1.2

Powerdns ≫ Recursor Version3.1.3

Powerdns ≫ Recursor Version3.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0%	0.002

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6

http://secunia.com/advisories/31311

http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1179

Patch

http://www.openwall.com/lists/oss-security/2008/07/09/10

http://www.openwall.com/lists/oss-security/2008/07/10/6

http://www.openwall.com/lists/oss-security/2008/07/16/12

http://www.securityfocus.com/bid/30782

https://exchange.xforce.ibmcloud.com/vulnerabilities/43925

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01353.html

https://nvd.nist.gov/vuln/detail/CVE-2008-3217

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3217

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3217

EUVD