PT-2015-3523 · Google · Android
Published
2015-04-01
·
Updated
2024-06-15
·
CVE-2012-2808
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Android versions prior to 4.1.1
Description
The issue concerns the PRNG implementation in the DNS resolver in Bionic, which incorrectly utilizes time and PID information to generate random numbers for query ID values and UDP source ports. This makes it easier for remote attackers to spoof DNS responses by guessing these numbers.
Recommendations
For Android versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Android