PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-04-02T17:00:00
Updated: 2024-08-07T08:32:01.076Z
Reserved: 2008-04-02T00:00:00
Link: CVE-2008-1637
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-04-02T17:44:00.000
Modified: 2024-11-21T00:44:58.670
Link: CVE-2008-1637
Redhat