PT-2008-4633 · Powerdns · Powerdns Recursor

Florian Weimer

Published

2008-07-18

Updated

2017-08-08

CVE-2008-3217

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PowerDNS Recursor versions prior to 3.1.6

Description: The issue makes it easier for remote attack vectors to conduct DNS cache poisoning due to the incomplete integration of security improvements. This is related to the random number generator not always being used for source port selection.

Recommendations: For versions prior to 3.1.6, update to version 3.1.6 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2008-3217

DSA-1544-2

Affected Products

Powerdns Recursor

PT-2008-4633 · Powerdns · Powerdns Recursor

CVE-2008-3217

Weakness Enumeration

Related Identifiers

Affected Products

References · 13