cbcvebase.
CVE-2008-3217
published 2008-07-18

CVE-2008-3217: PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack…

PriorityP424medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
1.81%
75.9th percentile
PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.

Affected

14 ranges
VendorProductVersion rangeFixed in
debianpdns< pdns 2.9.21.1-1 (bookworm)pdns 2.9.21.1-1 (bookworm)
debianpdns-recursor< pdns-recursor 3.1.7-1 (bookworm)pdns-recursor 3.1.7-1 (bookworm)
open-xchangepdns>= 0 < 2.9.21.1-12.9.21.1-1
open-xchangepdns>= 0 < 2.9.21.1-12.9.21.1-1
open-xchangepdns>= 0 < 2.9.21.1-12.9.21.1-1
open-xchangepdns>= 0 < 2.9.21.1-12.9.21.1-1
powerdnsauthoritative_server<= 2.9.21
powerdnsrecursor<= 3.1.5
powerdnsrecursor
powerdnsrecursor
powerdnsrecursor
powerdnsrecursor
powerdnsrecursor
powerdnsrecursor

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8LOW
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.