CVE-2008-3217

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2008/07/09/10", "name": "[oss-security] 20080709 CVE request: PowerDNS recursor source port randomization", "tags": [], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2008/07/10/6", "name": "[oss-security] 20080710 Re: DNS vulnerability: other relevant software", "tags": [], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2008/07/16/12", "name": "[oss-security] 20080716 Re: CVE request: PowerDNS recursor source port randomization", "tags": [], "refsource": "MLIST"}, {"url": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6", "name": "http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6", "tags": [], "refsource": "CONFIRM"}, {"url": "http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1179", "name": "http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1179", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/30782", "name": "30782", "tags": [], "refsource": "BID"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01353.html", "name": "FEDORA-2008-6893", "tags": [], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/31311", "name": "31311", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43925", "name": "powerdns-recursor-rng-weak-security(43925)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-189"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-3217", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-07-18T16:41Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:powerdns:recursor:3.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.1.5"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:31Z"}