ID CVE-2007-2926
Summary ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
oval via4
  • accepted 2013-04-29T04:04:22.127-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
    family unix
    id oval:org.mitre.oval:def:10293
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
    version 24
  • accepted 2007-09-27T08:57:47.043-04:00
    class vulnerability
    contributors
    name Nicholas Hansen
    organization Opsware, Inc.
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
    family unix
    id oval:org.mitre.oval:def:2226
    status accepted
    submitted 2007-08-23T13:32:59.000-04:00
    title Security Vulnerability in Solaris 10 BIND: Susceptible to Cache Poisoning Attack
    version 33
redhat via4
advisories
bugzilla
id 248851
title CVE-2007-2926 bind cryptographically weak query ids
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • OR
      • AND
        • comment bind is earlier than 20:9.2.4-21.el3
          oval oval:com.redhat.rhsa:tst:20070740002
        • comment bind is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044003
      • AND
        • comment bind-chroot is earlier than 20:9.2.4-21.el3
          oval oval:com.redhat.rhsa:tst:20070740006
        • comment bind-chroot is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044009
      • AND
        • comment bind-devel is earlier than 20:9.2.4-21.el3
          oval oval:com.redhat.rhsa:tst:20070740010
        • comment bind-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044005
      • AND
        • comment bind-libs is earlier than 20:9.2.4-21.el3
          oval oval:com.redhat.rhsa:tst:20070740008
        • comment bind-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044007
      • AND
        • comment bind-utils is earlier than 20:9.2.4-21.el3
          oval oval:com.redhat.rhsa:tst:20070740004
        • comment bind-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044011
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment bind is earlier than 20:9.2.4-27.0.1.el4
          oval oval:com.redhat.rhsa:tst:20070740013
        • comment bind is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044003
      • AND
        • comment bind-chroot is earlier than 20:9.2.4-27.0.1.el4
          oval oval:com.redhat.rhsa:tst:20070740014
        • comment bind-chroot is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044009
      • AND
        • comment bind-devel is earlier than 20:9.2.4-27.0.1.el4
          oval oval:com.redhat.rhsa:tst:20070740017
        • comment bind-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044005
      • AND
        • comment bind-libs is earlier than 20:9.2.4-27.0.1.el4
          oval oval:com.redhat.rhsa:tst:20070740016
        • comment bind-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044007
      • AND
        • comment bind-utils is earlier than 20:9.2.4-27.0.1.el4
          oval oval:com.redhat.rhsa:tst:20070740015
        • comment bind-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070044011
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment bind is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740019
        • comment bind is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057003
      • AND
        • comment bind-chroot is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740033
        • comment bind-chroot is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057005
      • AND
        • comment bind-devel is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740027
        • comment bind-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057007
      • AND
        • comment bind-libbind-devel is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740029
        • comment bind-libbind-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057015
      • AND
        • comment bind-libs is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740031
        • comment bind-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057017
      • AND
        • comment bind-sdb is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740021
        • comment bind-sdb is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057009
      • AND
        • comment bind-utils is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740023
        • comment bind-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057011
      • AND
        • comment caching-nameserver is earlier than 30:9.3.3-9.0.1.el5
          oval oval:com.redhat.rhsa:tst:20070740025
        • comment caching-nameserver is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070057013
rhsa
id RHSA-2007:0740
released 2007-07-24
severity Moderate
title RHSA-2007:0740: bind security update (Moderate)
rpms
  • bind-20:9.2.4-21.el3
  • bind-chroot-20:9.2.4-21.el3
  • bind-devel-20:9.2.4-21.el3
  • bind-libs-20:9.2.4-21.el3
  • bind-utils-20:9.2.4-21.el3
  • bind-20:9.2.4-27.0.1.el4
  • bind-chroot-20:9.2.4-27.0.1.el4
  • bind-devel-20:9.2.4-27.0.1.el4
  • bind-libs-20:9.2.4-27.0.1.el4
  • bind-utils-20:9.2.4-27.0.1.el4
  • bind-30:9.3.3-9.0.1.el5
  • bind-chroot-30:9.3.3-9.0.1.el5
  • bind-devel-30:9.3.3-9.0.1.el5
  • bind-libbind-devel-30:9.3.3-9.0.1.el5
  • bind-libs-30:9.3.3-9.0.1.el5
  • bind-sdb-30:9.3.3-9.0.1.el5
  • bind-utils-30:9.3.3-9.0.1.el5
  • caching-nameserver-30:9.3.3-9.0.1.el5
refmap via4
aixapar
  • IZ02218
  • IZ02219
apple APPLE-SA-2007-11-14
bid
  • 25037
  • 26444
bugtraq
  • 20070724 "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
  • 20070724 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
  • 20070726 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
  • 20070727 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
cert TA07-319A
cert-vn VU#252735
confirm
debian DSA-1341
freebsd FreeBSD-SA-07:07
gentoo GLSA-200708-13
hp
  • HPSBOV02261
  • HPSBOV03226
  • HPSBTU02256
  • HPSBUX02251
  • SSRT071449
  • SSRT101004
mandriva MDKSA-2007:149
misc
openpkg OpenPKG-SA-2007.022
sectrack 1018442
secunia
  • 26148
  • 26152
  • 26160
  • 26180
  • 26195
  • 26217
  • 26227
  • 26231
  • 26236
  • 26261
  • 26308
  • 26330
  • 26509
  • 26515
  • 26531
  • 26605
  • 26607
  • 26847
  • 26925
  • 27643
sgi 20070801-01-P
slackware SSA:2007-207-01
sunalert 103018
suse SUSE-SA:2007:047
trustix 2007-0023
ubuntu USN-491-1
vupen
  • ADV-2007-2627
  • ADV-2007-2662
  • ADV-2007-2782
  • ADV-2007-2914
  • ADV-2007-2932
  • ADV-2007-3242
  • ADV-2007-3868
xf isc-bind-queryid-spoofing(35575)
statements via4
contributor Mark J Cox
lastmodified 2008-03-28
organization Red Hat
statement Updates are available for Red Hat Enterprise Linux 2.1, 3, 4, and 5 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0740.html
Last major update 30-10-2018 - 16:27
Published 24-07-2007 - 17:30
Back to Top