BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks
|
|
SecurityTracker Alert ID: 1018442
|
|
SecurityTracker URL: http://securitytracker.com/id?1018442
|
|
CVE Reference: CVE-2007-2926
(Links to External Site)
|
Updated: Jul 24 2007
|
Original Entry Date: Jul 24 2007
|
Impact: Modification of system information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 9.0.x, 9.1.x, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.0, 9.4.1, 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5
|
Description: A vulnerability was reported in BIND. A remote user can conduct cache poisoning attacks.
The system generates query IDs that have a 1 out of 8 chance of being guessed for half of the query IDs. A remote user may be able
to exploit this to conduct cache poisoning attacks.
Only outgoing queries are affected.
Amit Klein from Trusteer (www.trusteer.com)
discovered this vulnerability.
|
Impact: A remote user can conduct cache poisoning attacks.
|
Solution: The vendor has issued a fixed version (9.5.0a6).
|
Vendor URL: www.isc.org/ (Links to External Site)
|
Cause: Randomization error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 24 Jul 2007 01:13:10 -0400
Subject: BIND
|
CVE-2007-2926
> The DNS query id generation is vulnerable to cryptographic analysis which provides a
> 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be
> used to perform cache poisoning by an attacker.
|
|
