FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-2926

This CVE name corresponds to:

Entered Topic
2007-08-02 FreeBSD -- Predictable query ids in named(8)

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-2926
Phase: Assigned (20070530)

Description

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

References

Source Reference
BUGTRAQ 20070724 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
BUGTRAQ 20070726 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
BUGTRAQ 20070727 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
BUGTRAQ 20070724 "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)
MISC http://www.securiteam.com/securitynews/5VP0L0UM0A.html
MISC http://www.trusteer.com/docs/bind9dns.html
MISC http://www.trusteer.com/docs/bind9dns_s.html
CONFIRM http://www.isc.org/index.pl?/sw/bind/bind-security.php
CONFIRM https://issues.rpath.com/browse/RPL-1587
CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903
CONFIRM ftp://aix.software.ibm.com/aix/efixes/security/README
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm
CONFIRM http://docs.info.apple.com/article.html?artnum=307041
AIXAPAR IZ02218
AIXAPAR IZ02219
APPLE APPLE-SA-2007-11-14
DEBIAN DSA-1341
FREEBSD FreeBSD-SA-07:07
GENTOO GLSA-200708-13
HP HPSBUX02251
HP SSRT071449
HP HPSBOV02261
HP HPSBTU02256
HP HPSBOV03226
HP SSRT101004
MANDRIVA MDKSA-2007:149
OPENPKG OpenPKG-SA-2007.022
REDHAT RHSA-2007:0740
SGI 20070801-01-P
SLACKWARE SSA:2007-207-01
SUNALERT 103018
SUSE SUSE-SA:2007:047
TRUSTIX 2007-0023
UBUNTU USN-491-1
CERT TA07-319A
CERT-VN VU#252735
BID 25037
BID 26444
OVAL oval:org.mitre.oval:def:10293
VUPEN ADV-2007-2627
VUPEN ADV-2007-2662
VUPEN ADV-2007-2782
VUPEN ADV-2007-2914
VUPEN ADV-2007-2932
VUPEN ADV-2007-3242
VUPEN ADV-2007-3868
OVAL oval:org.mitre.oval:def:2226
SECTRACK 1018442
SECUNIA 26152
SECUNIA 26195
SECUNIA 26160
SECUNIA 26227
SECUNIA 26148
SECUNIA 26231
SECUNIA 26330
SECUNIA 26261
SECUNIA 26308
SECUNIA 26509
SECUNIA 26515
SECUNIA 26531
SECUNIA 26607
SECUNIA 26847
SECUNIA 26925
SECUNIA 26180
SECUNIA 26217
SECUNIA 26236
SECUNIA 26605
SECUNIA 27643
XF isc-bind-queryid-spoofing(35575)