CVE-2012-2808 - The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time

CVE-2012-2808

Summary

The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2015-0800. <a href="https://cwe.mitre.org/data/definitions/330.html">CWE-330: Use of Insufficiently Random Values</a>

References

http://blog.watchfire.com/files/androiddnsweakprng.pdf
http://www.mozilla.org/security/announce/2015/mfsa2015-41.html

Vulnerable Configurations

cpe:2.3:a:google:bionic:-:*:*:*:*:android:*:*
cpe:2.3:a:google:bionic:-:*:*:*:*:android:*:*

CVSS

Base:	5.0 (as of 01-04-2015 - 15:56)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

misc

http://blog.watchfire.com/files/androiddnsweakprng.pdf
http://www.mozilla.org/security/announce/2015/mfsa2015-41.html

Last major update

01-04-2015 - 15:56

Published

01-04-2015 - 10:59

Last modified

01-04-2015 - 15:56