CVE-2008-3217

2008-07-1816:41:00

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.3

Confidence

Low

EPSS

0.011

Percentile

84.4%

JSON

PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.

Affected configurations

Nvd

Node

powerdnsrecursorRange≤3.1.5

powerdnsrecursorMatch3.0

powerdnsrecursorMatch3.0.1

powerdnsrecursorMatch3.1.1

powerdnsrecursorMatch3.1.2

powerdnsrecursorMatch3.1.3

powerdnsrecursorMatch3.1.4

VendorProductVersionCPE
powerdnsrecursor*cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
powerdnsrecursor3.0cpe:2.3:a:powerdns:recursor:3.0:*:*:*:*:*:*:*
powerdnsrecursor3.0.1cpe:2.3:a:powerdns:recursor:3.0.1:*:*:*:*:*:*:*
powerdnsrecursor3.1.1cpe:2.3:a:powerdns:recursor:3.1.1:*:*:*:*:*:*:*
powerdnsrecursor3.1.2cpe:2.3:a:powerdns:recursor:3.1.2:*:*:*:*:*:*:*
powerdnsrecursor3.1.3cpe:2.3:a:powerdns:recursor:3.1.3:*:*:*:*:*:*:*
powerdnsrecursor3.1.4cpe:2.3:a:powerdns:recursor:3.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
powerdns	recursor	*	cpe:2.3:a:powerdns:recursor::::::::
powerdns	recursor	3.0	cpe:2.3:a:powerdns:recursor:3.0:::::::*
powerdns	recursor	3.0.1	cpe:2.3:a:powerdns:recursor:3.0.1:::::::*
powerdns	recursor	3.1.1	cpe:2.3:a:powerdns:recursor:3.1.1:::::::*
powerdns	recursor	3.1.2	cpe:2.3:a:powerdns:recursor:3.1.2:::::::*
powerdns	recursor	3.1.3	cpe:2.3:a:powerdns:recursor:3.1.3:::::::*
powerdns	recursor	3.1.4	cpe:2.3:a:powerdns:recursor:3.1.4:::::::*