ID CVE-2007-2930
Summary The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:-:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:-:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.5:p1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.5:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2:p1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.2:p1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.2:p2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.2:p2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.2:p3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.2:p3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.2:p4:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.2:p4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.2:p5:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.2:p5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.2:p6:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.2:p6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.2:p7:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.2:p7:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.3:t1a:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.3:t1a:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.3:t9b:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.3:t9b:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.3_t1a:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.3_t1a:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.3_t9b:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.3_t9b:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.4:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:8.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:8.4.7:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 16-10-2018 - 16:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
oval via4
accepted 2007-11-19T04:01:00.472-05:00
class vulnerability
contributors
name Todd Dolinsky
organization Opsware, Inc.
definition_extensions
  • comment Solaris 8 (SPARC) is installed
    oval oval:org.mitre.oval:def:1539
  • comment Solaris 8 (x86) is installed
    oval oval:org.mitre.oval:def:2059
  • comment Solaris 9 (SPARC) is installed
    oval oval:org.mitre.oval:def:1457
  • comment Solaris 9 (x86) is installed
    oval oval:org.mitre.oval:def:1683
description The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
family unix
id oval:org.mitre.oval:def:2154
status accepted
submitted 2007-10-16T10:34:50.000-04:00
title Security Vulnerability in BIND 8 May Allow Cache Poisoning Attack
version 36
refmap via4
bid 25459
bugtraq
  • 20070827 BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)
  • 20071001 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)
  • 20071006 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)
cert-vn VU#927905
ciac R-333
confirm
hp
  • HPSBUX02289
  • SSRT071461
misc http://www.trusteer.com/docs/bind8dns.html
sectrack 1018615
secunia
  • 26629
  • 26858
  • 27433
  • 27459
  • 27465
  • 27696
sunalert
  • 103063
  • 200859
vupen
  • ADV-2007-2991
  • ADV-2007-3192
  • ADV-2007-3639
  • ADV-2007-3668
  • ADV-2007-3936
statements via4
contributor Mark J Cox
lastmodified 2007-09-12
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 16-10-2018 - 16:46
Published 12-09-2007 - 01:17
Back to Top