PowerDNS Source Port Randomization Remote Cache Poisoning Vulnerability
BID:30782
Info
| Bugtraq ID: | 30782 |
| Class: | Design Error |
| CVE: | CVE-2008-3217 |
| Remote: | Yes |
| Local: | No |
| Published: | May 01 2008 12:00AM |
| Updated: | Aug 28 2008 06:24PM |
| Credit: | Thomas Biege |
| Vulnerable: | PowerDNS PowerDNS 3.1.5 Gentoo Linux |
| Not Vulnerable: | PowerDNS PowerDNS 3.1.6 |
Discussion
PowerDNS is prone to a remote cache-poisoning vulnerability because of a weakness in the use of random number generators. This issue is the result of an incomplete fix to the vulnerability discussed in BID 28517.
An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
Versions prior to PowerDNS 3.1.6 are vulnerable to this issue.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released PowerDNS 3.1.6 to address this issue. Please see the references for more information.
PowerDNS PowerDNS 3.1.5
- PowerDNS pdns-recursor-3.1.6.tar.bz2: http://downloads.powerdns.com/releases/pdns-recursor-3.1.6.tar.bz2
References
References:
- PowerDNS Product Page (PowerDNS)
- PowerDNS Release Notes (PowerDNS)