|Description||PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||medium (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|pdns-recursor (PTS)||wheezy (security), wheezy||3.3-3+deb7u1||fixed|
|jessie (security), jessie||3.6.2-2+deb8u2||fixed|
The information below is based on the following data on fixed versions.
Fix in 3.1.5 was incomplete, see CVE-2008-3217