6.8

CVE-2008-3217

EPSS 0%
Veröffentlicht 18.07.2008 16:41:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning.  NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Powerdns ≫ Recursor Version <= 3.1.5

Powerdns ≫ Recursor Version3.0

Powerdns ≫ Recursor Version3.0.1

Powerdns ≫ Recursor Version3.1.1

Powerdns ≫ Recursor Version3.1.2

Powerdns ≫ Recursor Version3.1.3

Powerdns ≫ Recursor Version3.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0%	0.002

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6

http://secunia.com/advisories/31311

http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1179

Patch

http://www.openwall.com/lists/oss-security/2008/07/09/10

http://www.openwall.com/lists/oss-security/2008/07/10/6

http://www.openwall.com/lists/oss-security/2008/07/16/12

http://www.securityfocus.com/bid/30782

https://exchange.xforce.ibmcloud.com/vulnerabilities/43925

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01353.html

https://nvd.nist.gov/vuln/detail/CVE-2008-3217

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3217

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3217

EUVD