Published: 18/07/2008 Updated: 08/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

PowerDNS Recursor prior to 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns recursor 3.1.2
powerdns recursor 3.1.3
powerdns recursor 3.0.1
powerdns recursor 3.1.1
powerdns recursor 3.0
powerdns recursor 3.1.4
powerdns recursor

Debian Bug report logs - #493576 pdns-server: CVE-2008-3217 ( PowerDNS Recursor before 316 does not always use the strongest random number generator ) Package: pdns-recursor; Maintainer for pdns-recursor is pdns-recursor packagers <pdns-recursor@packagesdebianorg>; Source for pdns-recursor is src:pdns-recursor (PTS, buildd, p ...

CWE-189 http://www.openwall.com/lists/oss-security/2008/07/09/10 http://www.openwall.com/lists/oss-security/2008/07/10/6 http://www.openwall.com/lists/oss-security/2008/07/16/12 http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6 http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1179 http://www.securityfocus.com/bid/30782 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01353.html http://secunia.com/advisories/31311 https://exchange.xforce.ibmcloud.com/vulnerabilities/43925 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493576 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-3217

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect