ID CVE-2007-2926
Summary ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
References
Vulnerable Configurations
  • ISC BIND 9.0
    cpe:2.3:a:isc:bind:9.0
  • ISC BIND 9.1
    cpe:2.3:a:isc:bind:9.1
  • ISC BIND 9.2
    cpe:2.3:a:isc:bind:9.2
  • ISC BIND 9.3
    cpe:2.3:a:isc:bind:9.3
  • ISC BIND 9.4
    cpe:2.3:a:isc:bind:9.4
  • ISC BIND 9.5
    cpe:2.3:a:isc:bind:9.5
  • ISC BIND 9.5.0
    cpe:2.3:a:isc:bind:9.5.0
CVSS
Base: 4.3 (as of 24-07-2007 - 14:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-149.NASL
    description The DNS query id generation code in BIND9 is vulnerable to cryptographic analysis which provides a 1-in-8 chance of guessing the next query ID for 50% of the query IDs, which could be used by a remote attacker to perform cache poisoning by an attacker (CVE-2007-2926). As well, in BIND9 9.4.x, the default ACLs were not being correctly set, which could allow anyone to make recursive queries and/or query the cache contents (CVE-2007-2925). This update provides packages which are patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 25795
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25795
    title Mandrake Linux Security Advisory : bind (MDKSA-2007:149)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-1247.NASL
    description - CVE-2007-2925 - allow-query-cache/allow-recursion default acls not set - workaround - disable recursion or explicitly set allow-query-cache and allow-recursion acls - CVE-2007-2926 - cryptographically weak query id generator - 1 in 8 chance of guessing the next query id for 50% of the query ids - allows cache-poisoning type of attack, no workaround, affects only outgoing queries. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27707
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27707
    title Fedora 7 : bind-9.4.1-7.P1.fc7 (2007-1247)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0740.NASL
    description Updated bind packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in the DNS server returning incorrect client query data. (CVE-2007-2926) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25797
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25797
    title RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2007:0740)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1341.NASL
    description This update provides fixed packages for the oldstable distribution (sarge). For reference the original advisory text : Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25851
    published 2007-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25851
    title Debian DSA-1341-2 : bind9 - design error
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0740.NASL
    description Updated bind packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in the DNS server returning incorrect client query data. (CVE-2007-2926) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25778
    published 2007-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25778
    title CentOS 3 / 4 / 5 : bind (CESA-2007:0740)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_4_11.NASL
    description The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.11 or a version of Mac OS X 10.3 which does not have Security Update 2007-008 applied. This update contains several security fixes for the following programs : - Flash Player Plugin - AppleRAID - BIND - bzip2 - CFFTP - CFNetwork - CoreFoundation - CoreText - Kerberos - Kernel - remote_cmds - Networking - NFS - NSURL - Safari - SecurityAgent - WebCore - WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 28212
    published 2007-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28212
    title Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. This plugin has been deprecated and either replaced with individual 119784 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 25542
    published 2007-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25542
    title Solaris 10 (x86) : 119784-40 (deprecated)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3DE342FB40BE11DCAEAC02E0185F8D72.NASL
    description When named(8) is operating as a recursive DNS server or sending NOTIFY requests to slave DNS servers, named(8) uses a predictable query id. Impact : An attacker who can see the query id for some request(s) sent by named(8) is likely to be able to perform DNS cache poisoning by predicting the query id for other request(s). Workaround : No workaround is available.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25834
    published 2007-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25834
    title FreeBSD : FreeBSD -- Predictable query ids in named(8) (3de342fb-40be-11dc-aeac-02e0185f8d72)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0740.NASL
    description From Red Hat Security Advisory 2007:0740 : Updated bind packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in the DNS server returning incorrect client query data. (CVE-2007-2926) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67554
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67554
    title Oracle Linux 3 / 4 / 5 : bind (ELSA-2007-0740)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070724_BIND_ON_SL5_X.NASL
    description A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in the DNS server returning incorrect client query data. (CVE-2007-2926)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60231
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60231
    title Scientific Linux Security Update : bind on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_BIND-3964.NASL
    description The bind nameserver generated predictable DNS query IDs. Remote attackers could use that to perform DNS poisoning attacks (CVE-2007-2926).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27168
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27168
    title openSUSE 10 Security Update : bind (bind-3964)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11717.NASL
    description - CVE-2007-2926, cryptographically weak query ids [RT #16915]. Applied fix extracted from 9.2.8-P1 version. - version update to 9.3.x because ISC will no longer maintain version 9.2.x
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 41147
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41147
    title SuSE9 Security Update : SLES9-SP4: Security update for bind (YOU Patch Number 11717)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-31.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107838
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107838
    title Solaris 10 (x86) : 119784-31
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-40.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107845
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107845
    title Solaris 10 (x86) : 119784-40
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-30.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107334
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107334
    title Solaris 10 (sparc) : 119783-30
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-32.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107839
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107839
    title Solaris 10 (x86) : 119784-32
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-39.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107844
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107844
    title Solaris 10 (x86) : 119784-39
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-32.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107336
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107336
    title Solaris 10 (sparc) : 119783-32
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-207-01.NASL
    description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix security issues. The first issue which allows remote attackers to make recursive queries only affects Slackware 12.0. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925 The second issue is the discovery that BIND9's query IDs are cryptographically weak. This issue affects the versions of BIND9 in all supported Slackware versions. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 54868
    published 2011-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=54868
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 : bind (SSA:2007-207-01)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. This plugin has been deprecated and either replaced with individual 119783 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 25541
    published 2007-06-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25541
    title Solaris 10 (sparc) : 119783-40 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-36.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107338
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107338
    title Solaris 10 (sparc) : 119783-36
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-36.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107841
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107841
    title Solaris 10 (x86) : 119784-36
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-29.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107836
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107836
    title Solaris 10 (x86) : 119784-29
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-33.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107337
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107337
    title Solaris 10 (sparc) : 119783-33
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-39.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107341
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107341
    title Solaris 10 (sparc) : 119783-39
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-37.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107842
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107842
    title Solaris 10 (x86) : 119784-37
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-37.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107339
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107339
    title Solaris 10 (sparc) : 119783-37
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-25.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107835
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107835
    title Solaris 10 (x86) : 119784-25
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-31.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107335
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107335
    title Solaris 10 (sparc) : 119783-31
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-38.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107340
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107340
    title Solaris 10 (sparc) : 119783-38
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200708-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-200708-13 (BIND: Weak random number generation) Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable (1 chance in 8) query IDs in the resolver routine or in zone transfer queries (CVE-2007-2926). Additionally, the default configuration file has been strengthened with respect to the allow-recursion{} and the allow-query{} options (CVE-2007-2925). Impact : A remote attacker can use this weakness by sending queries for a domain he handles to a resolver (directly to a recursive server, or through another process like email processing) and then observing the resulting IDs of the iterative queries. The attacker will half the time be able to guess the next query ID, then perform cache poisoning by answering with those guessed IDs, while spoofing the UDP source address of the reply. Furthermore, with empty allow-recursion{} and allow-query{} options, the default configuration allowed anybody to make recursive queries and query the cache. Workaround : There is no known workaround at this time for the random generator weakness. The allow-recursion{} and allow-query{} options should be set to trusted hosts only in /etc/bind/named.conf, thus preventing several security risks.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 25919
    published 2007-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25919
    title GLSA-200708-13 : BIND: Weak random number generation
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0066.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99569
    published 2017-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99569
    title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-41.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2019-01-15
    plugin id 121174
    published 2019-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121174
    title Solaris 10 (sparc) : 119783-41
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-25.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107332
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107332
    title Solaris 10 (sparc) : 119783-25
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-38.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107843
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107843
    title Solaris 10 (x86) : 119784-38
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-40.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107342
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107342
    title Solaris 10 (sparc) : 119783-40
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119783-29.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107333
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107333
    title Solaris 10 (sparc) : 119783-29
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-33.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107840
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107840
    title Solaris 10 (x86) : 119784-33
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-491-1.NASL
    description A flaw was discovered in Bind's sequence number generator. A remote attacker could calculate future sequence numbers and send forged DNS query responses. This could lead to client connections being directed to attacker-controlled hosts, resulting in credential theft and other attacks. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28093
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28093
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : bind9 vulnerability (USN-491-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-30.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107837
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107837
    title Solaris 10 (x86) : 119784-30
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119784-41.NASL
    description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution.
    last seen 2019-02-21
    modified 2019-01-15
    plugin id 121180
    published 2019-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121180
    title Solaris 10 (x86) : 119784-41
  • NASL family SuSE Local Security Checks
    NASL id SUSE_BIND-3976.NASL
    description The bind nameserver generated predictable DNS query IDs. Remote attackers could use that to perform DNS poisoning attacks. (CVE-2007-2926)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 29388
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29388
    title SuSE 10 Security Update : bind,bind-devel,bind-utils (ZYPP Patch Number 3976)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_36973.NASL
    description s700_800 11.23 Bind 9.2.0 components : A potential vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26139
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26139
    title HP-UX PHNE_36973 : HP-UX Running BIND, Remote DNS Cache Poisoning (HPSBUX02251 SSRT071449 rev.3)
oval via4
  • accepted 2013-04-29T04:04:22.127-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
    family unix
    id oval:org.mitre.oval:def:10293
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
    version 24
  • accepted 2007-09-27T08:57:47.043-04:00
    class vulnerability
    contributors
    • name Nicholas Hansen
      organization Opsware, Inc.
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
    family unix
    id oval:org.mitre.oval:def:2226
    status accepted
    submitted 2007-08-23T13:32:59.000-04:00
    title Security Vulnerability in Solaris 10 BIND: Susceptible to Cache Poisoning Attack
    version 33
redhat via4
advisories
bugzilla
id 248851
title CVE-2007-2926 bind cryptographically weak query ids
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • OR
      • AND
        • comment bind is earlier than 20:9.2.4-21.el3
          oval oval:com.redhat.rhsa:tst:20070740002
        • comment bind is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044003
      • AND
        • comment bind-chroot is earlier than 20:9.2.4-21.el3
          oval oval:com.redhat.rhsa:tst:20070740006
        • comment bind-chroot is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044009
      • AND
        • comment bind-devel is earlier than 20:9.2.4-21.el3
          oval oval:com.redhat.rhsa:tst:20070740010
        • comment bind-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044005
      • AND
        • comment bind-libs is earlier than 20:9.2.4-21.el3
          oval oval:com.redhat.rhsa:tst:20070740008
        • comment bind-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044007
      • AND
        • comment bind-utils is earlier than 20:9.2.4-21.el3
          oval oval:com.redhat.rhsa:tst:20070740004
        • comment bind-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044011
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment bind is earlier than 20:9.2.4-27.0.1.el4
          oval oval:com.redhat.rhsa:tst:20070740013
        • comment bind is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044003
      • AND
        • comment bind-chroot is earlier than 20:9.2.4-27.0.1.el4
          oval oval:com.redhat.rhsa:tst:20070740014
        • comment bind-chroot is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044009
      • AND
        • comment bind-devel is earlier than 20:9.2.4-27.0.1.el4
          oval oval:com.redhat.rhsa:tst:20070740017
        • comment bind-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044005
      • AND
        • comment bind-libs is earlier than 20:9.2.4-27.0.1.el4
          oval oval:com.redhat.rhsa:tst:20070740016
        • comment bind-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044007
      • AND
        • comment bind-utils is earlier than 20:9.2.4-27.0.1.el4
          oval oval:com.redhat.rhsa:tst:20070740015
        • comment bind-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044011
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment bind is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740019
        • comment bind is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057003
      • AND
        • comment bind-chroot is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740033
        • comment bind-chroot is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057005
      • AND
        • comment bind-devel is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740027
        • comment bind-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057007
      • AND
        • comment bind-libbind-devel is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740029
        • comment bind-libbind-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057015
      • AND
        • comment bind-libs is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740031
        • comment bind-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057017
      • AND
        • comment bind-sdb is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740021
        • comment bind-sdb is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057009
      • AND
        • comment bind-utils is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740023
        • comment bind-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057011
      • AND
        • comment caching-nameserver is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740025
        • comment caching-nameserver is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057013
rhsa
id RHSA-2007:0740
released 2007-07-24
severity Moderate
title RHSA-2007:0740: bind security update (Moderate)
rpms
  • bind-20:9.2.4-21.el3
  • bind-chroot-20:9.2.4-21.el3
  • bind-devel-20:9.2.4-21.el3
  • bind-libs-20:9.2.4-21.el3
  • bind-utils-20:9.2.4-21.el3
  • bind-20:9.2.4-27.0.1.el4
  • bind-chroot-20:9.2.4-27.0.1.el4
  • bind-devel-20:9.2.4-27.0.1.el4
  • bind-libs-20:9.2.4-27.0.1.el4
  • bind-utils-20:9.2.4-27.0.1.el4
  • bind-30:9.3.3-9.0.1.el5
  • bind-chroot-30:9.3.3-9.0.1.el5
  • bind-devel-30:9.3.3-9.0.1.el5
  • bind-libbind-devel-30:9.3.3-9.0.1.el5
  • bind-libs-30:9.3.3-9.0.1.el5
  • bind-sdb-30:9.3.3-9.0.1.el5
  • bind-utils-30:9.3.3-9.0.1.el5
  • caching-nameserver-30:9.3.3-9.0.1.el5
refmap via4
aixapar
  • IZ02218
  • IZ02219
apple APPLE-SA-2007-11-14
bid
  • 25037
  • 26444
bugtraq
  • 20070724 "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
  • 20070724 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
  • 20070726 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
  • 20070727 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
cert TA07-319A
cert-vn VU#252735
confirm
debian DSA-1341
freebsd FreeBSD-SA-07:07
gentoo GLSA-200708-13
hp
  • HPSBOV02261
  • HPSBOV03226
  • HPSBTU02256
  • HPSBUX02251
  • SSRT071449
  • SSRT101004
mandriva MDKSA-2007:149
misc
openpkg OpenPKG-SA-2007.022
sectrack 1018442
secunia
  • 26148
  • 26152
  • 26160
  • 26180
  • 26195
  • 26217
  • 26227
  • 26231
  • 26236
  • 26261
  • 26308
  • 26330
  • 26509
  • 26515
  • 26531
  • 26605
  • 26607
  • 26847
  • 26925
  • 27643
sgi 20070801-01-P
slackware SSA:2007-207-01
sunalert 103018
suse SUSE-SA:2007:047
trustix 2007-0023
ubuntu USN-491-1
vupen
  • ADV-2007-2627
  • ADV-2007-2662
  • ADV-2007-2782
  • ADV-2007-2914
  • ADV-2007-2932
  • ADV-2007-3242
  • ADV-2007-3868
xf isc-bind-queryid-spoofing(35575)
statements via4
contributor Mark J Cox
lastmodified 2008-03-28
organization Red Hat
statement Updates are available for Red Hat Enterprise Linux 2.1, 3, 4, and 5 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0740.html
Last major update 16-03-2015 - 21:59
Published 24-07-2007 - 13:30
Last modified 30-10-2018 - 12:27