Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks
SecurityTracker Alert ID:  1018442
SecurityTracker URL:  http://securitytracker.com/id/1018442
CVE Reference:   CVE-2007-2926
Updated:  Jul 24 2007
Original Entry Date:  Jul 24 2007
Impact:   Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.0.x, 9.1.x, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.0, 9.4.1, 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5
Description:   A vulnerability was reported in BIND. A remote user can conduct cache poisoning attacks.

For half of the query IDs that the system generates, there is a 1 in 8 chance that the ID can be guessed. A remote user may be able to exploit this to conduct cache poisoning attacks.

Only outgoing queries are affected.

Amit Klein from Trusteer (www.trusteer.com) discovered this vulnerability.

Impact:   A remote user can conduct cache poisoning attacks.
Solution:   The vendor has issued a fixed version (9.5.0a6).
Vendor URL:  www.isc.org/
Cause:   Randomization error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 24 2007 (Red Hat Issues Fix) BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks
Red Hat has released a fix for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
Jul 26 2007 (Sun Issues Fix) BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks
Sun has issued a fix for Solaris 10.
Aug 2 2007 (FreeBSD Issues Fix) BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks
FreeBSD has released a fix.
Aug 4 2007 (HP Issues Fix for HP-UX) BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks
HP has issued a fix for HP-UX.
Aug 21 2007 (IBM Issues Fix) BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks
IBM has issued an interim fix for AIX 5.2 and 5.3.
Aug 31 2007 (HP Issues Patches for Tru64) BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks
HP has issued patch kits for Tru64 UNIX 5.1B-3 and 5.1B-4.
Sep 14 2007 (NetBSD Issues Fix) BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks
NetBSD has released a fix.
Sep 22 2007 (HP Issues Patch Kits for OpenVMS) BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks
HP has issued patch kits for OpenVMS.
Dec 17 2014 (HP Issues Fix for TCP/IP Services for OpenVMS) BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks
HP has issued a fix for TCP/IP Services for OpenVMS.


