Lucene search

2959 matches found

Prion
added 2015/04/01 10:59 a.m. (37 views)

Design/Logic Flaw

The PRNG implementation in the DNS resolver in Mozilla Firefox aka Fennec before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to...

CVSS 5, AI score 6.8, EPSS 0.01683
Exploits 0, References 4, Affected Software 1
Prion
added 2015/04/01 10:59 a.m. (22 views)

Design/Logic Flaw

The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a...

CVSS 5, AI score 7, EPSS 0.01683
Exploits 0, References 2, Affected Software 1
NVD
added 2015/04/01 10:59 a.m. (20 views)

CVE-2012-2808

The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a...

CVSS 5, AI score 6.2, EPSS 0.01278
Exploits 0, References 2
Cvelist
added 2015/04/01 10:0 a.m. (31 views)

CVE-2015-0800

The PRNG implementation in the DNS resolver in Mozilla Firefox aka Fennec before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to...

AI score 6.3, EPSS 0.01683
Exploits 0, References 4
Cvelist
added 2015/04/01 10:0 a.m. (31 views)

CVE-2012-2808

The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a...

AI score 6.2, EPSS 0.01278
Exploits 0, References 2
CVE
added 2015/04/01 10:0 a.m. (112 views)

CVE-2015-0800

The CVE-2015-0800 entry concerns Mozilla Firefox on Android (pre-37.0) where the DNS resolver’s PRNG for query IDs and UDP source ports may not generate random values properly. This weakens the ability to distinguish genuine DNS responses from spoofed ones, enabling remote attackers to spoof DNS ...

CVSS 5, AI score 8.9, EPSS 0.01683
Exploits 0, References 4, Affected Software 1
CVE
added 2015/04/01 10:0 a.m. (74 views)

CVE-2012-2808

CVE-2012-2808 affects Android's Bionic DNS resolver, where the PRNG used to generate DNS query IDs and UDP source ports relies on time and PID. This weakens randomness, facilitating remote spoofing of DNS responses. The connected CVE-2015-0800 describes a related Android Firefox DNS-spoofing issu...

CVSS 5, AI score 8.9, EPSS 0.01278
Exploits 0, References 2, Affected Software 1
Japan Vulnerability Notes
added 2015/03/27 5:12 a.m. (1 view)

Android OS may behave as an open resolver

Overview: A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received, is referred to as an open resolver. Android OS contains an issue where it may behave as an open resolver when the tethering function is enabled. Yasuhiro Orange Morishita of Japan...

CVSS 2.6, AI score 6.6
Exploits 0, References 9
Japan Vulnerability Notes
added 2015/03/27 12:0 a.m. (18 views)

JVN#81094176: Android OS may behave as an open resolver

A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received, is referred to as an open resolver. Android OS contains an issue where it may behave as an open resolver when the tethering function is enabled. Impact: The Android device may be used in a DNS...

AI score 6.8
Exploits 0
Tenable Nessus
added 2015/03/26 12:0 a.m. (29 views)

Debian DLA-107-1 : unbound security update

Florian Maury from ANSSI discovered that unbound, a validating, recursive, and caching DNS resolver, was prone to a denial of service vulnerability. An attacker crafting a malicious zone and able to emit or make emit queries to the server can trick the resolver into following an endless series of...

CVSS 4.3, AI score 5.4, EPSS 0.25205
Exploits 0, References 3
Fedora
added 2015/03/05 12:38 p.m. (54 views)

[SECURITY] Fedora 20 Update: bind-9.9.4-18.P2.fc20

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

CVSS 7.8, AI score 1.4, EPSS 0.65683
Exploits 1
Tenable Nessus
added 2015/02/24 12:0 a.m. (247 views)

Debian DSA-3169-1 : eglibc - security update

Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library : - CVE-2012-3406 The vfprintf function in stdio-common/vfprintf.c in GNU C Library aka glibc 2.5, 2.12, and probably other versions does not 'properly restrict the use of' the alloca function when allocating...

CVSS 7.8, AI score 8, EPSS 0.07688
Exploits 5, References 20
Ubuntu
added 2015/01/26 1:21 p.m. (55 views)

USN-2484-1: Unbound vulnerability

Florian Maury discovered that Unbound incorrectly handled delegation. A remote attacker could possibly use this issue to cause Unbound to consume resources, resulting in a denial of service...

CVSS 4.3, AI score 5.3, EPSS 0.25205
Exploits 0
Fedora
added 2015/01/06 6:13 a.m. (29 views)

[SECURITY] Fedora 19 Update: bind-9.9.3-16.P2.fc19

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

CVSS 7.8, AI score 1.4, EPSS 0.65683
Exploits 2
Fedora
added 2015/01/06 6:4 a.m. (29 views)

[SECURITY] Fedora 21 Update: bind-9.9.6-5.P1.fc21

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

CVSS 7.8, AI score 1.4, EPSS 0.65683
Exploits 0
F5 Networks
added 2014/12/23 12:0 a.m. (46 views)

SOL15931 - Unbound vulnerability CVE-2014-8602

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

CVSS 4.3, AI score 0.2, EPSS 0.25205
Exploits 0, References 6
Tenable Nessus
added 2014/12/22 12:0 a.m. (43 views)

Oracle Linux 5 : ntp (ELSA-2014-2025)

The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2014-2025 advisory. - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 Tenable has extracted the...

CVSS 7.5, AI score 8, EPSS 0.7809
Exploits 3, References 4
Check Point Advisories
added 2014/12/21 12:0 a.m. (4 views)

ISC BIND Recursive Resolver Resource Consumption Denial of Service (CVE-2014-8500)

A denial of service vulnerability exists in ISC BIND. The vulnerability is due to a design weakness in the way BIND follows DNS delegations. A remote attacker can exploit these vulnerabilities by sending a request to a recursive resolver forcing the resolver to issue a large number possibly...

CVSS 7.8, AI score 4.1, EPSS 0.65683
Exploits 0
Fedora
added 2014/12/20 8:46 a.m. (28 views)

[SECURITY] Fedora 20 Update: unbound-1.5.1-2.fc20

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

CVSS 4.3, AI score 3, EPSS 0.25205
Exploits 0
Fedora
added 2014/12/20 8:36 a.m. (37 views)

[SECURITY] Fedora 21 Update: unbound-1.5.1-2.fc21

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

CVSS 4.3, AI score 3, EPSS 0.25205
Exploits 0