[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250108

 
 

909

 
 

196064

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-2930Date: (C)2007-09-11   (M)2023-12-22


The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018615
SUNALERT-103063
http://www.securityfocus.com/archive/1/477870/100/100/threaded
http://www.securityfocus.com/archive/1/481424/100/0/threaded
http://www.securityfocus.com/archive/1/481659/100/0/threaded
SUNALERT-200859
BID-25459
SECUNIA-26629
SECUNIA-26858
SECUNIA-27433
SECUNIA-27459
SECUNIA-27465
SECUNIA-27696
ADV-2007-2991
ADV-2007-3192
ADV-2007-3639
ADV-2007-3668
ADV-2007-3936
HPSBUX02289
R-333
VU#927905
http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968
http://www.isc.org/index.pl?/sw/bind/bind8-eol.php
http://www.trusteer.com/docs/bind8dns.html
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975
oval:org.mitre.oval:def:2154

CPE    1
cpe:/a:isc:bind

© SecPod Technologies