Vulnerability Note VU#252735

ISC BIND generates cryptographically weak DNS query IDs

Original Release date: 27 Jul 2007 | Last revised: 06 Aug 2008

Overview

ISC (Internet Systems Consortiuim) BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches.

Description

From the ISC Bind security page:

    The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker.

    This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers.

    All users are encouraged to upgrade.

Impact

A remote attacker could predict DNS query IDs and respond with arbitrary answers, thus poisoning DNS caches.

Solution

Upgrade or Patch

This issue is addressed in ISC BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 or BIND 9.5.0a6. Users who obtain BIND from their operating system vendor should see the systems affected portion of this document for a partial list of affected vendors.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Debian GNU/LinuxAffected26 Jul 200730 Jul 2007
FujitsuAffected26 Jul 200701 Oct 2007
Internet Software ConsortiumAffected-27 Jul 2007
Openwall GNU/*/LinuxAffected26 Jul 200708 Aug 2007
Red Hat, Inc.Affected26 Jul 200728 Jul 2007
Sun Microsystems, Inc.Affected26 Jul 200703 Aug 2007
SUSE LinuxAffected26 Jul 200703 Aug 2007
UbuntuAffected26 Jul 200706 Aug 2008
EMC CorporationNot Affected26 Jul 200730 Jul 2007
HitachiNot Affected26 Jul 200730 Jul 2007
Apple Computer, Inc.Unknown26 Jul 200726 Jul 2007
Conectiva Inc.Unknown26 Jul 200726 Jul 2007
Cray Inc.Unknown26 Jul 200726 Jul 2007
Engarde Secure LinuxUnknown26 Jul 200726 Jul 2007
F5 Networks, Inc.Unknown26 Jul 200726 Jul 2007
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by ISC who credit Amit Klein from Trusteer.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2007-2926
  • Date Public: 24 Jul 2007
  • Date First Published: 27 Jul 2007
  • Date Last Updated: 06 Aug 2008
  • Severity Metric: 3.83
  • Document Revision: 27

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.