CVE-2007-2926

Published: 24/07/2007 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

ISC BIND 9 up to and including 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote malicious users to guess the next query id and perform DNS cache poisoning.

Vulnerable Product

isc bind 9.3

isc bind 9.4

isc bind 9.5

isc bind 9.5.0

isc bind 9.0

isc bind 9.1

isc bind 9.2

Vendor Advisories

A flaw was discovered in Bind’s sequence number generator. A remote attacker could calculate future sequence numbers and send forged DNS query responses. This could lead to client connections being directed to attacker-controlled hosts, resulting in credential theft and other attacks ...
This update provides fixed packages for the oldstable distribution (sarge). For reference the original advisory text: Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks. For the oldstable distribution (sarge) this problem has been fixed in version 924-1sarge3. An update ...

Exploits

#!/usr/bin/env python
"""
DNS Cache Poison v03beta by posedge
based on the Amit Klein paper: www.trusteer.com/docs/bind9dns.html
output:
<time>:<ip>:<port>: id: <id> q: <query> g: <good> e: <error>
id: ID to predict
q: number of queries from the DNS server (only queries with LSB at 0 in ID)
g: nu ...

References

NVD-CWE-Other
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://secunia.com/advisories/26152
http://www.securityfocus.com/archive/1/474545/100/0/threaded
http://www.securityfocus.com/archive/1/474856/100/0/threaded
http://www.securiteam.com/securitynews/5VP0L0UM0A.html
http://www.trusteer.com/docs/bind9dns.html
http://www.trusteer.com/docs/bind9dns_s.html
https://issues.rpath.com/browse/RPL-1587
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903
ftp://aix.software.ibm.com/aix/efixes/security/README
http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm
http://docs.info.apple.com/article.html?artnum=307041
http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
http://www.debian.org/security/2007/dsa-1341
http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc
http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600
http://www.mandriva.com/security/advisories?name=MDKSA-2007:149
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html
http://www.redhat.com/support/errata/RHSA-2007-0740.html
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1
http://www.novell.com/linux/security/advisories/2007_47_bind.html
http://www.trustix.org/errata/2007/0023/
http://www.ubuntu.com/usn/usn-491-1
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
http://www.kb.cert.org/vuls/id/252735
http://www.securityfocus.com/bid/25037
http://www.securityfocus.com/bid/26444
http://www.securitytracker.com/id?1018442
http://secunia.com/advisories/26195
http://secunia.com/advisories/26160
http://secunia.com/advisories/26227
http://secunia.com/advisories/26148
http://secunia.com/advisories/26231
http://secunia.com/advisories/26330
http://secunia.com/advisories/26261
http://secunia.com/advisories/26308
http://secunia.com/advisories/26509
http://secunia.com/advisories/26515
http://secunia.com/advisories/26531
http://secunia.com/advisories/26607
http://secunia.com/advisories/26847
http://secunia.com/advisories/26925
http://secunia.com/advisories/26180
http://secunia.com/advisories/26217
http://secunia.com/advisories/26236
http://secunia.com/advisories/26605
http://secunia.com/advisories/27643
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426
http://www.vupen.com/english/advisories/2007/2932
http://www.vupen.com/english/advisories/2007/2914
http://www.vupen.com/english/advisories/2007/2662
http://www.vupen.com/english/advisories/2007/2627
http://www.vupen.com/english/advisories/2007/2782
http://www.vupen.com/english/advisories/2007/3868
http://www.vupen.com/english/advisories/2007/3242
http://marc.info/?l=bugtraq&m=141879471518471&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/35575
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2226
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10293
http://www.securityfocus.com/archive/1/474808/100/0/threaded
http://www.securityfocus.com/archive/1/474516/100/0/threaded
https://usn.ubuntu.com/491-1/
https://nvd.nist.gov
https://www.exploit-db.com/exploits/4266/
https://www.kb.cert.org/vuls/id/252735