National Vulnerability Database (NVD) National Vulnerability Database (CVE-2007-2926)

National Cyber-Alert System

Vulnerability Summary for CVE-2007-2926

Original release date:07/24/2007

Last revised:02/18/2009

Source: US-CERT/NIST

Overview

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Allows unauthorized modification

Vendor Statements (disclaimer)

Official Statement from Red Hat (03/28/2008)

Updates are available for Red Hat Enterprise Linux 2.1, 3, 4, and 5 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0740.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA07-319A

Name: TA07-319A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA07-319A.html

US-CERT Vulnerability Note: VU#252735

Name: VU#252735

Hyperlink:http://www.kb.cert.org/vuls/id/252735

External Source: VUPEN

Name: ADV-2007-2627

Type: Advisory; Patch Information

Hyperlink:http://www.frsirt.com/english/advisories/2007/2627

External Source: CONFIRM

Name: http://www.isc.org/index.pl?/sw/bind/bind-security.php

Hyperlink:http://www.isc.org/index.pl?/sw/bind/bind-security.php

External Source: SECUNIA

Name: 26152

Type: Advisory

Hyperlink:http://secunia.com/advisories/26152

External Source: HP

Name: HPSBUX02251

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426

External Source: HP

Name: HPSBUX02251

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-1587

Hyperlink:https://issues.rpath.com/browse/RPL-1587

External Source: XF

Name: isc-bind-queryid-spoofing(35575)

Hyperlink:http://xforce.iss.net/xforce/xfdb/35575

External Source: UBUNTU

Name: USN-491-1

Hyperlink:http://www.ubuntu.com/usn/usn-491-1

External Source: TRUSTIX

Name: 2007-0023

Hyperlink:http://www.trustix.org/errata/2007/0023/

External Source: MISC

Name: http://www.trusteer.com/docs/bind9dns_s.html

Hyperlink:http://www.trusteer.com/docs/bind9dns_s.html

External Source: MISC

Name: http://www.trusteer.com/docs/bind9dns.html

Hyperlink:http://www.trusteer.com/docs/bind9dns.html

External Source: SLACKWARE

Name: SSA:2007-207-01

Hyperlink:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385

External Source: SECTRACK

Name: 1018442

Hyperlink:http://www.securitytracker.com/id?1018442

External Source: BID

Name: 26444

Hyperlink:http://www.securityfocus.com/bid/26444

External Source: BID

Name: 25037

Hyperlink:http://www.securityfocus.com/bid/25037

External Source: BUGTRAQ

Name: 20070726 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/474808/100/0/threaded

External Source: BUGTRAQ

Name: 20070724 "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/474516/100/0/threaded

External Source: BUGTRAQ

Name: 20070727 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

Hyperlink:http://www.securityfocus.com/archive/1/474856/100/0/threaded

External Source: BUGTRAQ

Name: 20070724 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)

Hyperlink:http://www.securityfocus.com/archive/1/474545/100/0/threaded

External Source: MISC

Name: http://www.securiteam.com/securitynews/5VP0L0UM0A.html

Hyperlink:http://www.securiteam.com/securitynews/5VP0L0UM0A.html

External Source: REDHAT

Name: RHSA-2007:0740

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0740.html

External Source: OPENPKG

Name: OpenPKG-SA-2007.022

Hyperlink:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html

External Source: SUSE

Name: SUSE-SA:2007:047

Hyperlink:http://www.novell.com/linux/security/advisories/2007_47_bind.html

External Source: MANDRIVA

Name: MDKSA-2007:149

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:149

External Source: GENTOO

Name: GLSA-200708-13

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml

External Source: VUPEN

Name: ADV-2007-3868

Hyperlink:http://www.frsirt.com/english/advisories/2007/3868

External Source: VUPEN

Name: ADV-2007-3242

Hyperlink:http://www.frsirt.com/english/advisories/2007/3242

External Source: VUPEN

Name: ADV-2007-2932

Hyperlink:http://www.frsirt.com/english/advisories/2007/2932

External Source: VUPEN

Name: ADV-2007-2914

Hyperlink:http://www.frsirt.com/english/advisories/2007/2914

External Source: VUPEN

Name: ADV-2007-2782

Hyperlink:http://www.frsirt.com/english/advisories/2007/2782

External Source: VUPEN

Name: ADV-2007-2662

Hyperlink:http://www.frsirt.com/english/advisories/2007/2662

External Source: DEBIAN

Name: DSA-1341

Hyperlink:http://www.debian.org/security/2007/dsa-1341

External Source: AIXAPAR

Name: IZ02219

Hyperlink:http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only

External Source: AIXAPAR

Name: IZ02218

Hyperlink:http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only

External Source: CONFIRM

Name: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903

Hyperlink:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm

External Source: SUNALERT

Name: 103018

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1

External Source: FREEBSD

Name: FreeBSD-SA-07:07

Hyperlink:http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc

External Source: SECUNIA

Name: 27643

Hyperlink:http://secunia.com/advisories/27643

External Source: SECUNIA

Name: 26925

Hyperlink:http://secunia.com/advisories/26925

External Source: SECUNIA

Name: 26847

Hyperlink:http://secunia.com/advisories/26847

External Source: SECUNIA

Name: 26607

Hyperlink:http://secunia.com/advisories/26607

External Source: SECUNIA

Name: 26605

Hyperlink:http://secunia.com/advisories/26605

External Source: SECUNIA

Name: 26531

Hyperlink:http://secunia.com/advisories/26531

External Source: SECUNIA

Name: 26515

Hyperlink:http://secunia.com/advisories/26515

External Source: SECUNIA

Name: 26509

Hyperlink:http://secunia.com/advisories/26509

External Source: SECUNIA

Name: 26330

Hyperlink:http://secunia.com/advisories/26330

External Source: SECUNIA

Name: 26308

Hyperlink:http://secunia.com/advisories/26308

External Source: SECUNIA

Name: 26261

Hyperlink:http://secunia.com/advisories/26261

External Source: SECUNIA

Name: 26236

Hyperlink:http://secunia.com/advisories/26236

External Source: SECUNIA

Name: 26231

Hyperlink:http://secunia.com/advisories/26231

External Source: SECUNIA

Name: 26227

Hyperlink:http://secunia.com/advisories/26227

External Source: SECUNIA

Name: 26217

Hyperlink:http://secunia.com/advisories/26217

External Source: SECUNIA

Name: 26195

Hyperlink:http://secunia.com/advisories/26195

External Source: SECUNIA

Name: 26180

Hyperlink:http://secunia.com/advisories/26180

External Source: SECUNIA

Name: 26160

Hyperlink:http://secunia.com/advisories/26160

External Source: SECUNIA

Name: 26148

Hyperlink:http://secunia.com/advisories/26148

External Source: APPLE

Name: APPLE-SA-2007-11-14

Hyperlink:http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

External Source: HP

Name: HPSBOV02261

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368

External Source: HP

Name: HPSBTU02256

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600

External Source: HP

Name: HPSBUX02251

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426

External Source: CONFIRM

Name: http://docs.info.apple.com/article.html?artnum=307041

Hyperlink:http://docs.info.apple.com/article.html?artnum=307041

External Source: SGI

Name: 20070801-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc

External Source: CONFIRM

Name: ftp://aix.software.ibm.com/aix/efixes/security/README

Hyperlink:ftp://aix.software.ibm.com/aix/efixes/security/README

US Government Resource: oval:org.mitre.oval:def:2226

Name: oval:org.mitre.oval:def:2226

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2226

Vulnerable software and versions

Configuration 1

* cpe:/a:isc:bind:9.0

* cpe:/a:isc:bind:9.1

* cpe:/a:isc:bind:9.2

* cpe:/a:isc:bind:9.3

* cpe:/a:isc:bind:9.4

* cpe:/a:isc:bind:9.5

* cpe:/a:isc:bind:9.5.0a1

* cpe:/a:isc:bind:9.5.0a2

* cpe:/a:isc:bind:9.5.0a3

* cpe:/a:isc:bind:9.5.0a4

* cpe:/a:isc:bind:9.5.0a5

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926