ID CVE-2007-2925
Summary The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
References
Vulnerable Configurations
  • ISC BIND 9.4.0
    cpe:2.3:a:isc:bind:9.4.0
  • ISC BIND 9.4.1
    cpe:2.3:a:isc:bind:9.4.1
  • ISC BIND 9.5.0
    cpe:2.3:a:isc:bind:9.5.0
CVSS
Base: 5.8 (as of 24-07-2007 - 13:50)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-149.NASL
    description The DNS query id generation code in BIND9 is vulnerable to cryptographic analysis which provides a 1-in-8 change of guessing the next query ID for 50% of the query IDs, which could be used by a remote attacker to perform cache poisoning by an attacker (CVE-2007-2926). As well, in BIND9 9.4.x, the default ACLs were note being correctly set, which could allow anyone to make recursive queries and/or query the cache contents (CVE-2007-2925). This update provides packages which are patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 25795
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25795
    title Mandrake Linux Security Advisory : bind (MDKSA-2007:149)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-1247.NASL
    description - CVE-2007-2925 - allow-query-cache/allow-recursion default acls not set - workaround - disable recursion or explicitly set allow-query-cache and allow-recursion acls - CVE-2007-2926 - cryptographically weak query id generator - 1 in 8 chance of guessing the next query id for 50% of the query ids - allows cache-poisoning type of attack, no workaround, affect only outgoing queries Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27707
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27707
    title Fedora 7 : bind-9.4.1-7.P1.fc7 (2007-1247)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-207-01.NASL
    description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix security issues. The first issue which allows remote attackers to make recursive queries only affects Slackware 12.0. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925 The second issue is the discovery that BIND9's query IDs are cryptographically weak. This issue affects the versions of BIND9 in all supported Slackware versions. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 54868
    published 2011-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54868
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 : bind (SSA:2007-207-01)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200708-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-200708-13 (BIND: Weak random number generation) Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable (1 chance to 8) query IDs in the resolver routine or in zone transfer queries (CVE-2007-2926). Additionally, the default configuration file has been strengthen with respect to the allow-recursion{} and the allow-query{} options (CVE-2007-2925). Impact : A remote attacker can use this weakness by sending queries for a domain he handles to a resolver (directly to a recursive server, or through another process like an email processing) and then observing the resulting IDs of the iterative queries. The attacker will half the time be able to guess the next query ID, then perform cache poisoning by answering with those guessed IDs, while spoofing the UDP source address of the reply. Furthermore, with empty allow-recursion{} and allow-query{} options, the default configuration allowed anybody to make recursive queries and query the cache. Workaround : There is no known workaround at this time for the random generator weakness. The allow-recursion{} and allow-query{} options should be set to trusted hosts only in /etc/bind/named.conf, thus preventing several security risks.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 25919
    published 2007-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25919
    title GLSA-200708-13 : BIND: Weak random number generation
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0066.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99569
    published 2017-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99569
    title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
refmap via4
bid 25076
confirm
gentoo GLSA-200708-13
mandriva MDKSA-2007:149
openpkg OpenPKG-SA-2007.022
sectrack 1018441
secunia
  • 26227
  • 26236
  • 26509
  • 26515
slackware SSA:2007-207-01
vupen
  • ADV-2007-2628
  • ADV-2007-2914
xf isc-bind-acl-security-bypass(35571)
statements via4
contributor Joshua Bressers
lastmodified 2007-07-26
organization Red Hat
statement Not vulnerable. This issu did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 07-03-2011 - 21:55
Published 24-07-2007 - 13:30
Last modified 30-10-2018 - 12:27
Back to Top