Vulnerability Note VU#927905

BIND version 8 generates cryptographically weak DNS query identifiers

Original Release date: 28 Aug 2007 | Last revised: 28 Aug 2007


ISC BIND version 8 generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches.


The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). Version 8 of the BIND software uses a weak algorithm to generate DNS query identifiers. This condition allows an attacker to reliably guess the next query ID, thereby allowing for DNS cache poisoning attacks.

ISC states that this bug only affects outgoing queries, generated by BIND 8 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFY messages to slave name servers. Note that although this vulnerability is similar in nature and impact to VU#252735, it is a distinct issue.


A remote attacker with the ability to predict DNS query IDs and respond with arbitrary answers, could poison DNS caches.


Upgrade or apply a patch

Users should obtain a patch from their operating system vendor when available. Please see the Systems Affected section of this document for more information about specific vendors.

Users who compile their own versions of BIND 8 from the original ISC source code are encouraged to take the following actions described by ISC:

This issue is addressed in ISC BIND 8.4.7-P1, available as patch that  
can be applied to BIND 8.4.7.
The more definitive solution is to upgrade to BIND 9. BIND 8 is being  
declared "end of life" by ISC due to multiple architectural issues.  
See ISC's website at for more information and  

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Internet Software ConsortiumAffected21 Aug 200727 Aug 2007
BlueCat Networks, Inc.Not Affected27 Aug 200728 Aug 2007
InfobloxNot Affected27 Aug 200727 Aug 2007
Mandriva, Inc.Not Affected27 Aug 200727 Aug 2007
Microsoft CorporationNot Affected27 Aug 200728 Aug 2007
Apple Computer, Inc.Unknown27 Aug 200727 Aug 2007
Check Point Software TechnologiesUnknown27 Aug 200727 Aug 2007
Conectiva Inc.Unknown27 Aug 200727 Aug 2007
Cray Inc.Unknown27 Aug 200727 Aug 2007
Debian GNU/LinuxUnknown27 Aug 200727 Aug 2007
EMC CorporationUnknown27 Aug 200727 Aug 2007
Engarde Secure LinuxUnknown27 Aug 200727 Aug 2007
F5 Networks, Inc.Unknown27 Aug 200727 Aug 2007
Fedora ProjectUnknown27 Aug 200727 Aug 2007
FreeBSD, Inc.Unknown27 Aug 200727 Aug 2007
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Thanks to the Internet Systems Consortium (ISC) for reporting this vulnerability. ISC, in turn, credits Amit Klein from Trusteer for reporting this issue to them.

This document was written by Chad Dougherty.

Other Information

  • CVE IDs: CVE-2007-2930
  • Date Public: 27 Aug 2007
  • Date First Published: 28 Aug 2007
  • Date Last Updated: 28 Aug 2007
  • Severity Metric: 2.14
  • Document Revision: 14


If you have feedback, comments, or additional information about this vulnerability, please send us email.