ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Isc
  • Bind

Configuration 1 [-]

OR cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
References
Link Resource
ftp://aix.software.ibm.com/aix/efixes/security/README
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
http://docs.info.apple.com/article.html?artnum=307041
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
http://marc.info/?l=bugtraq&m=141879471518471&w=2
http://secunia.com/advisories/26148
http://secunia.com/advisories/26152 Vendor Advisory
http://secunia.com/advisories/26160
http://secunia.com/advisories/26180
http://secunia.com/advisories/26195
http://secunia.com/advisories/26217
http://secunia.com/advisories/26227
http://secunia.com/advisories/26231
http://secunia.com/advisories/26236
http://secunia.com/advisories/26261
http://secunia.com/advisories/26308
http://secunia.com/advisories/26330
http://secunia.com/advisories/26509
http://secunia.com/advisories/26515
http://secunia.com/advisories/26531
http://secunia.com/advisories/26605
http://secunia.com/advisories/26607
http://secunia.com/advisories/26847
http://secunia.com/advisories/26925
http://secunia.com/advisories/27643
http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1
http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903
http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only
http://www.debian.org/security/2007/dsa-1341
http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.kb.cert.org/vuls/id/252735 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:149
http://www.novell.com/linux/security/advisories/2007_47_bind.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html
http://www.redhat.com/support/errata/RHSA-2007-0740.html
http://www.securiteam.com/securitynews/5VP0L0UM0A.html
http://www.securityfocus.com/archive/1/474516/100/0/threaded
http://www.securityfocus.com/archive/1/474545/100/0/threaded
http://www.securityfocus.com/archive/1/474808/100/0/threaded
http://www.securityfocus.com/archive/1/474856/100/0/threaded
http://www.securityfocus.com/bid/25037
http://www.securityfocus.com/bid/26444
http://www.securitytracker.com/id?1018442
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385
http://www.trusteer.com/docs/bind9dns.html
http://www.trusteer.com/docs/bind9dns_s.html
http://www.trustix.org/errata/2007/0023/
http://www.ubuntu.com/usn/usn-491-1
http://www.us-cert.gov/cas/techalerts/TA07-319A.html US Government Resource
http://www.vupen.com/english/advisories/2007/2627
http://www.vupen.com/english/advisories/2007/2662
http://www.vupen.com/english/advisories/2007/2782
http://www.vupen.com/english/advisories/2007/2914
http://www.vupen.com/english/advisories/2007/2932
http://www.vupen.com/english/advisories/2007/3242
http://www.vupen.com/english/advisories/2007/3868
https://exchange.xforce.ibmcloud.com/vulnerabilities/35575
https://issues.rpath.com/browse/RPL-1587
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10293
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2226
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2007-07-24T17:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-05-30T00:00:00

Link: CVE-2007-2926

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2007-07-24T17:30:00.000

Modified: 2018-10-30T16:27:02.233

Link: CVE-2007-2926

JSON object: View

cve-icon Redhat Information

No data.

CWE