PowerDNS Recursor: DNS Cache Poisoning — GLSA 200804-22

Use of insufficient randomness in PowerDNS Recursor might lead to DNS cache poisoning.

Affected Packages

net-dns/pdns-recursor on all architectures
Affected versions < 3.1.6
Unaffected versions >= 3.1.6

Background

The PowerDNS Recursor is an advanced recursing nameserver.

Description

Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to resolve this issue was incomplete, as it did not always enable the stronger random number generator for source port selection (CVE-2008-3217).

Impact

A remote attacker could send malicious answers to insert arbitrary DNS data into the cache. These attacks would in turn help an attacker to perform man-in-the-middle and site impersonation attacks.

Workaround

There is no known workaround at this time.

Resolution

All PowerDNS Recursor users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dns/pdns-recursor-3.1.6"

References

Release Date
April 18, 2008

Latest Revision
August 21, 2008: 03

Severity
normal

Exploitable
remote

Bugzilla entries