CVE-2008-1637
published 2008-04-02CVE-2008-1637: PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote…
PriorityP427medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
3.96%
89.2th percentile
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pdns-recursor | < pdns-recursor 3.1.7-1 (bookworm) | pdns-recursor 3.1.7-1 (bookworm) |
| powerdns | recursor | <= 3.1.5 | — |
| powerdns | recursor | <= 3.1.4 | — |
| powerdns | recursor | — | — |
| powerdns | recursor | — | — |
| powerdns | recursor | — | — |
| powerdns | recursor | — | — |
| powerdns | recursor | — | — |
| powerdns | recursor | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8LOW
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
pdns-recursor: not using the strongest random number generator for source port selection
vendor_redhat·2008-04-25·CVSS 6.8
CVE-2008-3217 [MEDIUM] pdns-recursor: not using the strongest random number generator for source port selection
pdns-recursor: not using the strongest random number generator for source port selection
PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.
Red Hat
pdns-recursor: perdictable query ids
vendor_redhat·2008-03-31·CVSS 6.8
CVE-2008-1637 [MEDIUM] pdns-recursor: perdictable query ids
pdns-recursor: perdictable query ids
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.
Debian
CVE-2008-1637: pdns-recursor - PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRX...
vendor_debian·2008·CVSS 6.8
CVE-2008-1637 [MEDIUM] CVE-2008-1637: pdns-recursor - PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRX...
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.
Scope: local
bookworm: resolved (fixed in 3.1.7-1)
bullseye: resolved (fixed in 3.1.7-1)
forky: resolved (fixed in 3.1.7-1)
sid: resolved (fixed in 3.1.7-1)
trixie: resolved (fixed in 3.1.7-1)
Debian
CVE-2008-3217: pdns-recursor - PowerDNS Recursor before 3.1.6 does not always use the strongest random number g...
vendor_debian·2008·CVSS 6.8
CVE-2008-3217 [MEDIUM] CVE-2008-3217: pdns-recursor - PowerDNS Recursor before 3.1.6 does not always use the strongest random number g...
PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.
Scope: local
bookworm: resolved (fixed in 3.1.7-1)
bullseye: resolved (fixed in 3.1.7-1)
forky: resolved (fixed in 3.1.7-1)
sid: resolved (fixed in 3.1.7-1)
trixie: resolved (fixed in 3.1.7-1)
GHSA
GHSA-c5qh-3289-h9w4: PowerDNS Recursor before 3
ghsa_unreviewed·2022-05-01
CVE-2008-1637 [MEDIUM] GHSA-c5qh-3289-h9w4: PowerDNS Recursor before 3
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.
GHSA
GHSA-2v8f-3jfm-64p5: PowerDNS Recursor before 3
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2008-3217 [MEDIUM] GHSA-2v8f-3jfm-64p5: PowerDNS Recursor before 3
PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.
OSV
CVE-2008-3217: PowerDNS Recursor before 3
osv·2008-07-18·CVSS 6.8
CVE-2008-3217 [MEDIUM] CVE-2008-3217: PowerDNS Recursor before 3
PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.
OSV
CVE-2008-1637: PowerDNS Recursor before 3
osv·2008-04-02·CVSS 6.8
CVE-2008-1637 [MEDIUM] CVE-2008-1637: PowerDNS Recursor before 3
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-3217 pdns-recursor: not using the strongest random number generator for source port selection
bugzilla·2008-07-21·CVSS 6.8
CVE-2008-3217 [MEDIUM] CVE-2008-3217 pdns-recursor: not using the strongest random number generator for source port selection
CVE-2008-3217 pdns-recursor: not using the strongest random number generator for source port selection
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3217 to the following vulnerability:
PowerDNS Recursor before 3.1.6 does not always use the strongest
random number generator for source port selection, which makes it
easier for remote attack vectors to conduct DNS cache poisoning. NOTE:
this is related to incomplete integration of security improvements
associated with addressing CVE-2008-1637.
Upstream fix:
http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1179
References:
http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6
http://www.openwall.com/lists/oss-security/2008/07/09/10
Discussion:
pdns-recursor-3.1.7-2.fc9 has been pushed to the Fedora 9
Bugzilla
CVE-2008-1637 pdns-recursor: perdictable query ids
bugzilla·2008-04-02·CVSS 6.8
CVE-2008-1637 [MEDIUM] CVE-2008-1637 pdns-recursor: perdictable query ids
CVE-2008-1637 pdns-recursor: perdictable query ids
Amit Klein of Trusteer discovered and documented weakness in a way PowerDNS
Recursor generates DNS queries and transaction IDs used in DNS queries. This
weakness can be used to predict transaction IDs used in a subsequent queries
after observing certain amount of consequent previous queries, leading to a high
possibility of performing a successful cache poisoning attack.
PowerDNS Recursor 3.1.5 was released to address this issue.
References:
http://www.trusteer.com/docs/powerdnsrecursor.html
http://doc.powerdns.com/powerdns-advisory-2008-01.html
http://mailman.powerdns.com/pipermail/pdns-users/2008-March/005279.html
http://www.securityfocus.com/archive/1/490330/30/
Discussion:
CVE-2008-1637 was assigned to this issue:
PowerDNS Recurs
http://doc.powerdns.com/changelog.htmlhttp://doc.powerdns.com/powerdns-advisory-2008-01.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.htmlhttp://secunia.com/advisories/29584http://secunia.com/advisories/29737http://secunia.com/advisories/29764http://secunia.com/advisories/29830http://secunia.com/advisories/30581http://security.gentoo.org/glsa/glsa-200804-22.xmlhttp://www.debian.org/security/2008/dsa-1544http://www.securityfocus.com/archive/1/490330/100/0/threadedhttp://www.securityfocus.com/bid/28517http://www.trusteer.com/docs/PowerDNS_recursor_DNS_Cache_Poisoning.pdfhttp://www.trusteer.com/docs/powerdnsrecursor.htmlhttp://www.vupen.com/english/advisories/2008/1046/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41534https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00198.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-April/msg00224.htmlhttp://doc.powerdns.com/changelog.htmlhttp://doc.powerdns.com/powerdns-advisory-2008-01.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.htmlhttp://secunia.com/advisories/29584http://secunia.com/advisories/29737http://secunia.com/advisories/29764http://secunia.com/advisories/29830http://secunia.com/advisories/30581http://security.gentoo.org/glsa/glsa-200804-22.xmlhttp://www.debian.org/security/2008/dsa-1544http://www.securityfocus.com/archive/1/490330/100/0/threadedhttp://www.securityfocus.com/bid/28517http://www.trusteer.com/docs/PowerDNS_recursor_DNS_Cache_Poisoning.pdfhttp://www.trusteer.com/docs/powerdnsrecursor.htmlhttp://www.vupen.com/english/advisories/2008/1046/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41534https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00198.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-April/msg00224.html
2008-04-02
Published