From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200804-22.xml | 69 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 metadata/glsa/glsa-200804-22.xml (limited to 'metadata/glsa/glsa-200804-22.xml') diff --git a/metadata/glsa/glsa-200804-22.xml b/metadata/glsa/glsa-200804-22.xml new file mode 100644 index 000000000000..8f2768de8e5e --- /dev/null +++ b/metadata/glsa/glsa-200804-22.xml @@ -0,0 +1,69 @@ + + + + PowerDNS Recursor: DNS Cache Poisoning + + Use of insufficient randomness in PowerDNS Recursor might lead to DNS cache + poisoning. + + pdns-recursor + 2008-04-18 + 2008-08-21: 03 + 215567 + 231335 + remote + + + 3.1.6 + 3.1.6 + + + +

+ The PowerDNS Recursor is an advanced recursing nameserver. +

+
+ +

+ Amit Klein of Trusteer reported that insufficient randomness is used to + calculate the TRXID values and the UDP source port numbers + (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to + resolve this issue was incomplete, as it did not always enable the + stronger random number generator for source port selection + (CVE-2008-3217). +

+
+ +

+ A remote attacker could send malicious answers to insert arbitrary DNS + data into the cache. These attacks would in turn help an attacker to + perform man-in-the-middle and site impersonation attacks. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All PowerDNS Recursor users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/pdns-recursor-3.1.6" +
+ + CVE-2008-1637 + CVE-2008-3217 + + + keytoaster + + + rbu + + + rbu + +
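Review bot: The commit subject ("reinit the tree, so we can have metadata") gives no origin for the new file metadata/glsa/glsa-200804-22.xml, so the 69 added lines of advisory text cannot be checked against a source. Suggest naming the upstream GLSA source and the sync date or snapshot in the commit message, since this file is what tooling and users read to decide whether pdns-recursor needs upgrading. Within the file, the resolution command pins ">=net-dns/pdns-recursor-3.1.6", which agrees with the two 3.1.6 version entries near the top, so the content itself reads as consistent.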
-- cgit v1.2.3