CVE-2012-2808

Currently unrated

Key Information:

Vendor: Google
Status: Bionic
Vendor: CVE Published:; 1 April 2015

Summary

The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2015-0800.

References

http://www.mozilla.org/security/announce/2015/mfsa2015-41...

x_refsource_MISC

http://blog.watchfire.com/files/androiddnsweakprng.pdf

x_refsource_MISC

Timeline

Vulnerability published
Apr 1, 2015
Vulnerability Reserved
May 19, 2012

Collectors

NVD DatabaseMitre Database