18 matches found
SUSE CVE-2008-1637
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate 1 TRXID values and 2 UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to a algorithmic deficiencies in rand and random functions in external libraries, b use of a 32-bit seed...
Fedora Update for pdns-recursor FEDORA-2008-3036
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for pdns-recursor FEDORA-2008-3010
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Gentoo Security Advisory GLSA 200804-22 (pdns-recursor)
The remote host is missing updates announced in advisory GLSA 200804-22. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200804-22 (pdns-recursor)
The remote host is missing updates announced in advisory GLSA 200804-22. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1544-2 (pdns-recursor)
The remote host is missing an update to pdns-recursor announced via advisory DSA 1544-2. OpenVAS Vulnerability Test $Id: deb15442.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1544-2 pdns-recursor Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft...
Debian: Security Advisory (DSA-1544-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Input validation
PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing...
CVE-2008-3217
PowerDNS Recursor before 3.1.6 has weak randomness in TRXID and UDP source port selection, enabling potential remote DNS cache poisoning. Affected: PowerDNS Recursor
[SECURITY] [DSA 1544-2] New pdns-recursor packages fix predictable randomness
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1544-2 [email protected] http://www.debian.org/security/ Florian Weimer July 16, 2008 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1544-2] New pdns-recursor packages fix predictable randomness
------------------------------------------------------------------------ Debian Security Advisory DSA-1544-2 [email protected] http://www.debian.org/security/ Florian Weimer July 16, 2008 http://www.debian.org/security/faq -...
openSUSE 10 Security Update : pdns (pdns-5242)
pdns used predictable random numbers for DNS responses. Therfore attackers could generate spoofed DNS responses CVE-2008-1637. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update pdns-5242. The te...
openSUSE 10 Security Update : pdns-recursor (pdns-recursor-5319)
Pdns-recursor was prone to a spoofing vulnerability which could be abused to redirect clients or manipulate data. CVE-2008-1637 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Debian Security Advisory DSA 1544-1 (pdns-recursor)
The remote host is missing an update to pdns-recursor announced via advisory DSA 1544-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
PowerDNS Recursor: DNS Cache Poisoning
Background The PowerDNS Recursor is an advanced recursing nameserver. Description Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers CVE-2008-1637. Thomas Biege of SUSE pointed out that a prior fix to resolve this iss...
Fedora 8 : pdns-recursor-3.1.5-1.fc8 (2008-3036)
Bug 440247 - CVE-2008-1637 pdns-recursor: perdictable query ids Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
DSA-1544-1 pdns-recursor - cache poisoning vulnerability
Bulletin has no description...
CVE-2008-1637
CVE-2008-1637 affects the PowerDNS Recursor (3.x) prior to 3.1.6, due to insufficient randomness used to compute TRXID values and UDP source ports, enabling potential cache poisoning. The underlying issue involves weaknesses in the random/seeding approach (32-bit seed; time-based seeding; externa...