|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Vulnerability Note VU#252735
ISC BIND generates cryptographically weak DNS query IDs
OverviewISC (Internet Systems Consortiuim) BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches.
I. DescriptionFrom the ISC Bind security page:
The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers.
All users are encouraged to upgrade.
II. ImpactA remote attacker could predict DNS query IDs and respond with arbitrary answers, thus poisoning DNS caches.
III. SolutionUpgrade or Patch
This issue is addressed in ISC BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 or BIND 9.5.0a6. Users who obtain BIND from their operating system vendor should see the systems affected portion of this document for a partial list of affected vendors.
Systems Affected
| Vendor | Status | Date Updated |
|---|
| Apple Computer, Inc. | Unknown | 26-Jul-2007 |
| Conectiva Inc. | Unknown | 26-Jul-2007 |
| Cray Inc. | Unknown | 26-Jul-2007 |
| Debian GNU/Linux | Vulnerable | 30-Jul-2007 |
| EMC Corporation | Not Vulnerable | 30-Jul-2007 |
| Engarde Secure Linux | Unknown | 26-Jul-2007 |
| F5 Networks, Inc. | Unknown | 26-Jul-2007 |
| Fedora Project | Unknown | 26-Jul-2007 |
| FreeBSD, Inc. | Unknown | 26-Jul-2007 |
| Fujitsu | Vulnerable | 1-Oct-2007 |
| Gentoo Linux | Unknown | 26-Jul-2007 |
| Hewlett-Packard Company | Unknown | 26-Jul-2007 |
| Hitachi | Not Vulnerable | 30-Jul-2007 |
| IBM Corporation | Unknown | 26-Jul-2007 |
| IBM Corporation (zseries) | Unknown | 26-Jul-2007 |
| IBM eServer | Unknown | 26-Jul-2007 |
| Immunix Communications, Inc. | Unknown | 26-Jul-2007 |
| Ingrian Networks, Inc. | Unknown | 26-Jul-2007 |
| Internet Software Consortium | Vulnerable | 27-Jul-2007 |
| Juniper Networks, Inc. | Unknown | 26-Jul-2007 |
| Mandriva, Inc. | Unknown | 26-Jul-2007 |
| Microsoft Corporation | Unknown | 26-Jul-2007 |
| MontaVista Software, Inc. | Unknown | 26-Jul-2007 |
| NEC Corporation | Unknown | 26-Jul-2007 |
| NetBSD | Unknown | 26-Jul-2007 |
| Novell, Inc. | Unknown | 26-Jul-2007 |
| OpenBSD | Unknown | 26-Jul-2007 |
| Openwall GNU/*/Linux | Vulnerable | 8-Aug-2007 |
| QNX, Software Systems, Inc. | Unknown | 26-Jul-2007 |
| Red Hat, Inc. | Vulnerable | 28-Jul-2007 |
| Silicon Graphics, Inc. | Unknown | 26-Jul-2007 |
| Slackware Linux Inc. | Unknown | 26-Jul-2007 |
| Sony Corporation | Unknown | 26-Jul-2007 |
| Sun Microsystems, Inc. | Vulnerable | 3-Aug-2007 |
| SUSE Linux | Vulnerable | 3-Aug-2007 |
| The SCO Group | Unknown | 26-Jul-2007 |
| Trustix Secure Linux | Unknown | 26-Jul-2007 |
| Turbolinux | Unknown | 26-Jul-2007 |
| Ubuntu | Vulnerable | 6-Aug-2008 |
| Unisys | Unknown | 26-Jul-2007 |
| Wind River Systems, Inc. | Unknown | 26-Jul-2007 |
References
http://www.isc.org/sw/bind/bind-security.php
http://www.trusteer.com/docs/bind9dns.html
http://jvn.jp/cert/JVNVU%23252735/index.html
http://secunia.com/advisories/26195/
http://www.milw0rm.com/exploits/4266
http://docs.info.apple.com/article.html?artnum=307041
Credit
This vulnerability was reported by ISC who credit Amit Klein from Trusteer.
This document was written by Ryan Giobbi.
Other Information
| Date Public | 07/24/2007 |
| Date First Published | 07/27/2007 10:50:06 AM |
| Date Last Updated | 08/06/2008 |
| CERT Advisory | |
| CVE-ID(s) | CVE-2007-2926 |
| NVD-ID(s) | CVE-2007-2926 |
| US-CERT Technical Alerts | |
| Metric | 3.83 |
| Document Revision | 27 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader