pdns-server: CVE-2008-3217 ( PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator... )

Related Vulnerabilities: CVE-2008-3217   CVE-2008-1637  

Debian Bug report logs - #493576
Reported by: Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>

Date: Sun, 3 Aug 2008 10:39:01 UTC

Severity: minor

Tags: security

Done: Christoph Haas <email@christoph-haas.de>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian PowerDNS Maintainers <powerdns-debian@workaround.org>:
Bug#493576; Package pdns-server.


Acknowledgement sent to Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>:
New Bug report received and forwarded. Copy sent to Debian PowerDNS Maintainers <powerdns-debian@workaround.org>.


Message #5 received at submit@bugs.debian.org:

From: Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>
To: submit@bugs.debian.org
Subject: pdns-server: CVE-2008-3217 ( PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator... )
Date: Sun, 3 Aug 2008 12:34:42 +0200
Package: pdns-server
Version: 2.9.21-6
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pdns-server.

CVE-2008-3217[0]:
| PowerDNS Recursor before 3.1.6 does not always use the strongest
| random number generator for source port selection, which makes it
| easier for remote attack vectors to conduct DNS cache poisoning.
| NOTE: this is related to incomplete integration of security
| improvements associated with addressing CVE-2008-1637.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3217
    http://security-tracker.debian.net/tracker/CVE-2008-3217

Kind regards,
Thomas.


Bug reassigned from package `pdns-server' to `pdns-recursor'. Request was from Christoph Haas <haas@debian.org> to control@bugs.debian.org. (Sun, 03 Aug 2008 19:36:02 GMT)


Tags added: pending. Request was from Christoph Haas <haas@debian.org> to control@bugs.debian.org. (Sun, 03 Aug 2008 19:36:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian PowerDNS Maintainers <powerdns-debian@workaround.org>:
Bug#493576; Package pdns-recursor.


Acknowledgement sent to Christoph Haas <email@christoph-haas.de>:
Extra info received and forwarded to list. Copy sent to Debian PowerDNS Maintainers <powerdns-debian@workaround.org>.


Message #14 received at 493576@bugs.debian.org:

From: Christoph Haas <email@christoph-haas.de>
To: Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>, 493576@bugs.debian.org
Subject: Re: Bug#493576: pdns-server: CVE-2008-3217 ( PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator... )
Date: Sun, 3 Aug 2008 21:37:31 +0200
On Sunday, 3 August 2008, Thomas Bläsing wrote:
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for pdns-server.

Not exactly - the CVE was assigned to the pdns-recursor package. 
pdns-server and pdns-recursor are separate packages. I have added the CVE 
to pdns-recursor's changelog. I'm downgrading the priority of 
the bug because it's mainly cosmetic.

Thanks anyway for the report.

 Christoph

Severity set to `minor' from `serious'. Request was from Christoph Haas <haas@debian.org> to control@bugs.debian.org. (Sun, 03 Aug 2008 19:39:05 GMT)


Reply sent to Christoph Haas <email@christoph-haas.de>:
You have taken responsibility.


Notification sent to Thomas Bläsing <thomasbl@pool.math.tu-berlin.de>:
Bug acknowledged by developer.


Message #21 received at 493576-done@bugs.debian.org:

From: Christoph Haas <email@christoph-haas.de>
To: 493576-done@bugs.debian.org
Subject: Issue fixed by 3.1.4-1+etch4
Date: Sun, 14 Sep 2008 16:36:51 +0200
This bug doesn't warrant a new upload fixing it in the 'changelog' file. 
The issue has apparently been fixed already in revision 3.1.4-1+etch4. So 
I'm closing this bug.

 Christoph

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 13 Oct 2008 07:33:49 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:18:23 2019; Machine Name: buxtehude
