ID CVE-2007-2930
Summary The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
References
Vulnerable Configurations
  • ISC BIND 8.4.7
    cpe:2.3:a:isc:bind:8.4.7
CVSS
Base: 4.3 (as of 12-09-2007 - 15:56)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
exploit-db via4
  • description ISC BIND 8 Remote Cache Poisoning Vulnerability (1). CVE-2007-2930. Remote exploit for linux platform
    id EDB-ID:30535
    last seen 2016-02-03
    modified 2007-08-27
    published 2007-08-27
    reporter Amit Klein
    source https://www.exploit-db.com/download/30535/
    title ISC BIND 8 - Remote Cache Poisoning Vulnerability 1
  • description ISC BIND 8 Remote Cache Poisoning Vulnerability (2). CVE-2007-2930. Remote exploit for linux platform
    id EDB-ID:30536
    last seen 2016-02-03
    modified 2007-08-27
    published 2007-08-27
    reporter Amit Klein
    source https://www.exploit-db.com/download/30536/
    title ISC BIND 8 - Remote Cache Poisoning Vulnerability 2
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_109327.NASL
    description SunOS 5.8_x86: libresolv.so.2, in.named an. Date this patch was last updated by Sun : Mar/09/09
    last seen 2018-09-02
    modified 2016-12-12
    plugin id 13429
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13429
    title Solaris 8 (x86) : 109327-24
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_109326.NASL
    description SunOS 5.8: libresolv.so.2, in.named and BI. Date this patch was last updated by Sun : Mar/09/09
    last seen 2018-09-01
    modified 2016-12-12
    plugin id 13321
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13321
    title Solaris 8 (sparc) : 109326-24
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_112837.NASL
    description SunOS 5.9: in.dhcpd libresolv and BIND9 pa. Date this patch was last updated by Sun : Jul/21/11
    last seen 2018-09-02
    modified 2016-12-12
    plugin id 26165
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26165
    title Solaris 9 (sparc) : 112837-24
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHNE_36185.NASL
    description s700_800 11.11 Bind 8.1.2 Patch : A potential vulnerability has been identified with HP-UX running BIND 8. The vulnerability could be exploited remotely to cause DNS cache poisoning.
    last seen 2019-01-16
    modified 2013-04-20
    plugin id 29199
    published 2007-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29199
    title HP-UX PHNE_36185 : HP-UX Running BIND 8, Remote DNS Cache Poisoning (HPSBUX02289 SSRT071461 rev.1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114265.NASL
    description SunOS 5.9_x86: in.dhcpd libresolv and BIND. Date this patch was last updated by Sun : Jul/21/11
    last seen 2018-09-01
    modified 2016-12-12
    plugin id 27094
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27094
    title Solaris 9 (x86) : 114265-23
oval via4
accepted 2007-11-19T04:01:00.472-05:00
class vulnerability
contributors
name Todd Dolinsky
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
description The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
family unix
id oval:org.mitre.oval:def:2154
status accepted
submitted 2007-10-16T10:34:50.000-04:00
title Security Vulnerability in BIND 8 May Allow Cache Poisoning Attack
version 32
refmap via4
bid 25459
bugtraq
  • 20070827 BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)
  • 20071001 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)
  • 20071006 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)
cert-vn VU#927905
ciac R-333
confirm
hp
  • HPSBUX02289
  • SSRT071461
misc http://www.trusteer.com/docs/bind8dns.html
sectrack 1018615
secunia
  • 26629
  • 26858
  • 27433
  • 27459
  • 27465
  • 27696
sunalert
  • 103063
  • 200859
vupen
  • ADV-2007-2991
  • ADV-2007-3192
  • ADV-2007-3639
  • ADV-2007-3668
  • ADV-2007-3936
statements via4
contributor Mark J Cox
lastmodified 2007-09-12
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 07-03-2011 - 21:55
Published 11-09-2007 - 21:17
Last modified 16-10-2018 - 12:46
Back to Top