CVE-2012-2808

NameCVE-2012-2808
DescriptionThe PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2015-0800.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceweaselsource(unstable)(not affected)

Notes

- iceweasel <not-affected> (Only affects 37.x; only on Android)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/

Search for package or bug name: Reporting problems