CVE-2012-2808

Name of the Vulnerable Software and Affected Versions Android versions prior to 4.1.1

Description The issue concerns the PRNG implementation in the DNS resolver in Bionic, which incorrectly utilizes time and PID information to generate random numbers for query ID values and UDP source ports. This makes it easier for remote attackers to spoof DNS responses by guessing these numbers.

Recommendations For Android versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue.