• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PowerDNS Source Port Randomization Remote Cache Poisoning Vulnerability

PowerDNS is prone to a remote cache-poisoning vulnerability because of a weakness in the use of random number generators. This issue is the result of an incomplete fix to the vulnerability discussed in BID 28517.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions prior to PowerDNS 3.1.6 are vulnerable to this issue.