[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250108

 
 

909

 
 

196064

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-2926Date: (C)2007-07-24   (M)2023-12-22


ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018442
SUNALERT-103018
2007-0023
http://www.securityfocus.com/archive/1/474516/100/0/threaded
http://www.securityfocus.com/archive/1/474545/100/0/threaded
http://www.securityfocus.com/archive/1/474808/100/0/threaded
http://www.securityfocus.com/archive/1/474856/100/0/threaded
20070801-01-P
BID-25037
SECUNIA-26148
SECUNIA-26152
SECUNIA-26160
SECUNIA-26180
SECUNIA-26195
SECUNIA-26217
SECUNIA-26227
SECUNIA-26231
SECUNIA-26236
SECUNIA-26261
SECUNIA-26308
SECUNIA-26330
BID-26444
SECUNIA-26509
SECUNIA-26515
SECUNIA-26531
SECUNIA-26605
SECUNIA-26607
SECUNIA-26847
SECUNIA-26925
SECUNIA-27643
ADV-2007-2627
ADV-2007-2662
ADV-2007-2782
ADV-2007-2914
ADV-2007-2932
ADV-2007-3242
ADV-2007-3868
APPLE-SA-2007-11-14
DSA-1341
FreeBSD-SA-07:07
GLSA-200708-13
HPSBOV02261
HPSBOV03226
HPSBTU02256
HPSBUX02251
IZ02218
IZ02219
MDKSA-2007:149
OpenPKG-SA-2007.022
RHSA-2007:0740
SSA:2007-207-01
SUSE-SA:2007:047
TA07-319A
USN-491-1
VU#252735
ftp://aix.software.ibm.com/aix/efixes/security/README
http://docs.info.apple.com/article.html?artnum=307041
http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.securiteam.com/securitynews/5VP0L0UM0A.html
http://www.trusteer.com/docs/bind9dns.html
http://www.trusteer.com/docs/bind9dns_s.html
https://issues.rpath.com/browse/RPL-1587
isc-bind-queryid-spoofing(35575)
oval:org.mitre.oval:def:10293
oval:org.mitre.oval:def:2226

CPE    7
cpe:/a:isc:bind:9.5.0
cpe:/a:isc:bind:9.3
cpe:/a:isc:bind:9.4
cpe:/a:isc:bind:9.5
...

© SecPod Technologies