CVE-2007-2926

Severity

43%

Complexity

86%

Confidentiality

48%

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

Type

ISC BIND

First reported 17 years ago

2007-07-24 17:30:00

Last updated 6 years ago

2018-10-30 16:27:00

Affected Software

ISC BIND 9.0

9.0

ISC BIND 9.1

9.1

ISC BIND 9.2

9.2

ISC BIND 9.3

9.3

ISC BIND 9.4

9.4

ISC BIND 9.5

9.5

ISC BIND 9.5.0

9.5.0

References

ftp://aix.software.ibm.com/aix/efixes/security/README

20070801-01-P

http://docs.info.apple.com/article.html?artnum=307041

HPSBUX02251

HPSBTU02256

HPSBOV02261

APPLE-SA-2007-11-14

HPSBOV03226

26148

26152

Vendor Advisory

26160

26180

26195

26217

26227

26231

26236

26261

26308

26330

26509

26515

26531

26605

26607

26847

26925

27643

FreeBSD-SA-07:07

103018

http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903

DSA-1341

GLSA-200708-13

http://www.isc.org/index.pl?/sw/bind/bind-security.php

VU#252735

US Government Resource

MDKSA-2007:149

SUSE-SA:2007:047

OpenPKG-SA-2007.022

RHSA-2007:0740

http://www.securiteam.com/securitynews/5VP0L0UM0A.html

20070724 "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

20070724 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

20070726 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

20070727 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

25037

26444

1018442

SSA:2007-207-01

http://www.trusteer.com/docs/bind9dns.html

http://www.trusteer.com/docs/bind9dns_s.html

2007-0023

USN-491-1

TA07-319A

US Government Resource

ADV-2007-2627

ADV-2007-2662

ADV-2007-2782

ADV-2007-2914

ADV-2007-2932

ADV-2007-3242

ADV-2007-3868

IZ02218

IZ02219

isc-bind-queryid-spoofing(35575)

https://issues.rpath.com/browse/RPL-1587

oval:org.mitre.oval:def:10293

oval:org.mitre.oval:def:2226

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.