[pdns-recursor] [CVE-2008-1637] cache poisoning vulnerability
Bug #214980 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pdns-recursor (Debian) |
Fix Released
|
Undecided
|
Unassigned | ||
pdns-recursor (Ubuntu) |
Fix Released
|
Medium
|
William Grant | ||
Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Hardy |
Fix Released
|
Medium
|
William Grant |
Bug Description
Binary package hint: pdns-recursor
References:
DSA-1544-1 (http://
Quoting:
"Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a
weak random number generator to create DNS transaction IDs and UDP
source port numbers. As a result, cache poisoning attacks were
simplified."
Related branches
CVE References
Changed in pdns-recursor: | |
status: | New → Fix Released |
Changed in pdns-recursor: | |
assignee: | nobody → fujitsu |
status: | Confirmed → In Progress |
To post a comment you must log in.
The patch is gigantic, and can be found in 3.1.4-1etch1.