CVE-2008-3217
Published Jul 18, 2008
Last updated 7 years ago
Overview
- Description
- PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-189
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA8CA6BA-8533-47D2-99AE-F8AFDEF78A33",
"versionEndIncluding": "3.1.5"
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38DDFF27-8CBB-468D-9837-C74538E5EF0A"
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3920499-3580-4EA6-AD56-6515C3B8495A"
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA1E4934-6690-4A09-8E6E-FE7ED57B9DEE"
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D474CF9D-1898-46D3-80B1-2D3743265F56"
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E18F9C22-04BB-4081-89E0-E6989970EBCD"
},
{
"criteria": "cpe:2.3:a:powerdns:recursor:3.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD3E469E-EAE5-4BF1-BB69-6445FBBF96FF"
}
],
"operator": "OR"
}
]
}
]