Vulnerabilities > CVE-2007-2926 - Remote Cache Poisoning vulnerability in ISC BIND 9
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-44.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-04-17 modified 2020-04-14 plugin id 135434 published 2020-04-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135434 title Solaris 10 (sparc) : 119783-44 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_3DE342FB40BE11DCAEAC02E0185F8D72.NASL description When named(8) is operating as a recursive DNS server or sending NOTIFY requests to slave DNS servers, named(8) uses a predictable query id. Impact : An attacker who can see the query id for some request(s) sent by named(8) is likely to be able to perform DNS cache poisoning by predicting the query id for other request(s). Workaround : No workaround is available. last seen 2020-06-01 modified 2020-06-02 plugin id 25834 published 2007-08-02 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25834 title FreeBSD : FreeBSD -- Predictable query ids in named(8) (3de342fb-40be-11dc-aeac-02e0185f8d72) NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-39.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107341 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107341 title Solaris 10 (sparc) : 119783-39 NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-40.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107342 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107342 title Solaris 10 (sparc) : 119783-40 NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_36973.NASL description s700_800 11.23 Bind 9.2.0 components : A potential vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to cause DNS cache poisoning. last seen 2020-06-01 modified 2020-06-02 plugin id 26139 published 2007-09-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26139 title HP-UX PHNE_36973 : HP-UX Running BIND, Remote DNS Cache Poisoning (HPSBUX02251 SSRT071449 rev.3) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0740.NASL description From Red Hat Security Advisory 2007:0740 : Updated bind packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in the DNS server returning incorrect client query data. (CVE-2007-2926) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67554 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67554 title Oracle Linux 3 / 4 / 5 : bind (ELSA-2007-0740) NASL family SuSE Local Security Checks NASL id SUSE_BIND-3976.NASL description The bind nameserver generated predicatable DNS query IDs. Remote attackers could use that to perform DNS poisoning attacks. (CVE-2007-2926) last seen 2020-06-01 modified 2020-06-02 plugin id 29388 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29388 title SuSE 10 Security Update : bind,bind-devel,bind-utils (ZYPP Patch Number 3976) NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-32.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107336 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107336 title Solaris 10 (sparc) : 119783-32 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-37.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107842 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107842 title Solaris 10 (x86) : 119784-37 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-36.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107841 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107841 title Solaris 10 (x86) : 119784-36 NASL family Fedora Local Security Checks NASL id FEDORA_2007-1247.NASL description - CVE-2007-2925 - allow-query-cache/allow-recursion default acls not set - workaround - disable recursion or explicitly set allow-query-cache and allow-recursion acls - CVE-2007-2926 - cryptographically weak query id generator - 1 in 8 chance of guessing the next query id for 50% of the query ids - allows cache-poisoning type of attack, no workaround, affect only outgoing queries Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27707 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27707 title Fedora 7 : bind-9.4.1-7.P1.fc7 (2007-1247) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-44.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-04-17 modified 2020-04-14 plugin id 135440 published 2020-04-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135440 title Solaris 10 (x86) : 119784-44 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. This plugin has been deprecated and either replaced with individual 119784 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 25542 published 2007-06-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25542 title Solaris 10 (x86) : 119784-40 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_119783.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. This plugin has been deprecated and either replaced with individual 119783 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 25541 published 2007-06-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=25541 title Solaris 10 (sparc) : 119783-40 (deprecated) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0740.NASL description Updated bind packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in the DNS server returning incorrect client query data. (CVE-2007-2926) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25778 published 2007-07-27 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25778 title CentOS 3 / 4 / 5 : bind (CESA-2007:0740) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1341.NASL description This update provides fixed packages for the oldstable distribution (sarge). For reference the original advisory text : Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 25851 published 2007-08-13 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25851 title Debian DSA-1341-2 : bind9 - design error NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-38.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107340 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107340 title Solaris 10 (sparc) : 119783-38 NASL family SuSE Local Security Checks NASL id SUSE_BIND-3964.NASL description The bind nameserver generated predicatable DNS query IDs. Remote attackers could use that to perform DNS poisoning attacks (CVE-2007-2926). last seen 2020-06-01 modified 2020-06-02 plugin id 27168 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27168 title openSUSE 10 Security Update : bind (bind-3964) NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-25.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107332 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107332 title Solaris 10 (sparc) : 119783-25 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-25.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107835 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107835 title Solaris 10 (x86) : 119784-25 NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-41.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 121174 published 2019-01-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121174 title Solaris 10 (sparc) : 119783-41 NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-36.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107338 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107338 title Solaris 10 (sparc) : 119783-36 NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-29.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107333 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107333 title Solaris 10 (sparc) : 119783-29 NASL family MacOS X Local Security Checks NASL id MACOSX_10_4_11.NASL description The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.11 or a version of Mac OS X 10.3 which does not have Security Update 2007-008 applied. This update contains several security fixes for the following programs : - Flash Player Plugin - AppleRAID - BIND - bzip2 - CFFTP - CFNetwork - CoreFoundation - CoreText - Kerberos - Kernel - remote_cmds - Networking - NFS - NSURL - Safari - SecurityAgent - WebCore - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 28212 published 2007-11-14 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28212 title Mac OS X < 10.4.11 Multiple Vulnerabilities (Security Update 2007-008) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2007-207-01.NASL description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix security issues. The first issue which allows remote attackers to make recursive queries only affects Slackware 12.0. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925 The second issue is the discovery that BIND9 last seen 2020-06-01 modified 2020-06-02 plugin id 54868 published 2011-05-28 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/54868 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 : bind (SSA:2007-207-01) NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-31.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107335 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107335 title Solaris 10 (sparc) : 119783-31 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-43.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 129874 published 2019-10-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129874 title Solaris 10 (x86) : 119784-43 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-41.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 121180 published 2019-01-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121180 title Solaris 10 (x86) : 119784-41 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-39.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107844 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107844 title Solaris 10 (x86) : 119784-39 NASL family Fedora Local Security Checks NASL id FEDORA_2007-647.NASL description - CVE-2007-2926 - cryptographically weak query id generator - 1 in 8 chance of guessing the next query id for 50% of the query ids - allows cache-poisoning type of attack, no workaround, affect only outgoing queries Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25783 published 2007-07-27 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25783 title Fedora Core 6 : bind-9.3.4-7.P1.fc6 (2007-647) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2020-0021.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details. last seen 2020-06-10 modified 2020-06-05 plugin id 137170 published 2020-06-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137170 title OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-29.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107836 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107836 title Solaris 10 (x86) : 119784-29 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-32.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107839 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107839 title Solaris 10 (x86) : 119784-32 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-33.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107840 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107840 title Solaris 10 (x86) : 119784-33 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-31.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107838 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107838 title Solaris 10 (x86) : 119784-31 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-38.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107843 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107843 title Solaris 10 (x86) : 119784-38 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0740.NASL description Updated bind packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in the DNS server returning incorrect client query data. (CVE-2007-2926) Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25797 published 2007-07-27 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25797 title RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2007:0740) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200708-13.NASL description The remote host is affected by the vulnerability described in GLSA-200708-13 (BIND: Weak random number generation) Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable (1 chance to 8) query IDs in the resolver routine or in zone transfer queries (CVE-2007-2926). Additionally, the default configuration file has been strengthen with respect to the allow-recursion{} and the allow-query{} options (CVE-2007-2925). Impact : A remote attacker can use this weakness by sending queries for a domain he handles to a resolver (directly to a recursive server, or through another process like an email processing) and then observing the resulting IDs of the iterative queries. The attacker will half the time be able to guess the next query ID, then perform cache poisoning by answering with those guessed IDs, while spoofing the UDP source address of the reply. Furthermore, with empty allow-recursion{} and allow-query{} options, the default configuration allowed anybody to make recursive queries and query the cache. Workaround : There is no known workaround at this time for the random generator weakness. The allow-recursion{} and allow-query{} options should be set to trusted hosts only in /etc/bind/named.conf, thus preventing several security risks. last seen 2020-06-01 modified 2020-06-02 plugin id 25919 published 2007-08-21 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25919 title GLSA-200708-13 : BIND: Weak random number generation NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-33.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107337 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107337 title Solaris 10 (sparc) : 119783-33 NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-37.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107339 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107339 title Solaris 10 (sparc) : 119783-37 NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-43.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 129870 published 2019-10-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129870 title Solaris 10 (sparc) : 119783-43 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-30.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107837 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107837 title Solaris 10 (x86) : 119784-30 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-42.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 126726 published 2019-07-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126726 title Solaris 10 (x86) : 119784-42 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119784-40.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107845 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107845 title Solaris 10 (x86) : 119784-40 NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-149.NASL description The DNS query id generation code in BIND9 is vulnerable to cryptographic analysis which provides a 1-in-8 change of guessing the next query ID for 50% of the query IDs, which could be used by a remote attacker to perform cache poisoning by an attacker (CVE-2007-2926). As well, in BIND9 9.4.x, the default ACLs were note being correctly set, which could allow anyone to make recursive queries and/or query the cache contents (CVE-2007-2925). This update provides packages which are patched to prevent these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25795 published 2007-07-27 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25795 title Mandrake Linux Security Advisory : bind (MDKSA-2007:149) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776) last seen 2020-06-01 modified 2020-06-02 plugin id 99569 published 2017-04-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99569 title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-30.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 107334 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107334 title Solaris 10 (sparc) : 119783-30 NASL family Scientific Linux Local Security Checks NASL id SL_20070724_BIND_ON_SL5_X.NASL description A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in the DNS server returning incorrect client query data. (CVE-2007-2926) last seen 2020-06-01 modified 2020-06-02 plugin id 60231 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60231 title Scientific Linux Security Update : bind on SL5.x, SL4.x, SL3.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS10_119783-42.NASL description Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 126716 published 2019-07-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126716 title Solaris 10 (sparc) : 119783-42 NASL family SuSE Local Security Checks NASL id SUSE9_11717.NASL description - CVE-2007-2926, cryptographically weak query ids [RT #16915]. Applied fix extracted from 9.2.8-P1 version. - version update to 9.3.x because ISC will no longer maintain version 9.2.x last seen 2020-06-01 modified 2020-06-02 plugin id 41147 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41147 title SuSE9 Security Update : SLES9-SP4: Security update for bind (YOU Patch Number 11717) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-491-1.NASL description A flaw was discovered in Bind last seen 2020-06-01 modified 2020-06-02 plugin id 28093 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28093 title Ubuntu 6.06 LTS / 6.10 / 7.04 : bind9 vulnerability (USN-491-1)
Oval
accepted 2013-04-29T04:04:22.127-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. family unix id oval:org.mitre.oval:def:10293 status accepted submitted 2010-07-09T03:56:16-04:00 title ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. version 27 accepted 2007-09-27T08:57:47.043-04:00 class vulnerability contributors name Nicholas Hansen organization Opsware, Inc. definition_extensions comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440 comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926
description ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. family unix id oval:org.mitre.oval:def:2226 status accepted submitted 2007-08-23T13:32:59.000-04:00 title Security Vulnerability in Solaris 10 BIND: Susceptible to Cache Poisoning Attack version 37
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2008-03-28 |
| organization | Red Hat |
| statement | Updates are available for Red Hat Enterprise Linux 2.1, 3, 4, and 5 to correct this issue: http://rhn.redhat.com/errata/RHSA-2007-0740.html |
References
- ftp://aix.software.ibm.com/aix/efixes/security/README
- ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
- http://docs.info.apple.com/article.html?artnum=307041
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368
- http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
- http://marc.info/?l=bugtraq&m=141879471518471&w=2
- http://secunia.com/advisories/26148
- http://secunia.com/advisories/26152
- http://secunia.com/advisories/26160
- http://secunia.com/advisories/26180
- http://secunia.com/advisories/26195
- http://secunia.com/advisories/26217
- http://secunia.com/advisories/26227
- http://secunia.com/advisories/26231
- http://secunia.com/advisories/26236
- http://secunia.com/advisories/26261
- http://secunia.com/advisories/26308
- http://secunia.com/advisories/26330
- http://secunia.com/advisories/26509
- http://secunia.com/advisories/26515
- http://secunia.com/advisories/26531
- http://secunia.com/advisories/26605
- http://secunia.com/advisories/26607
- http://secunia.com/advisories/26847
- http://secunia.com/advisories/26925
- http://secunia.com/advisories/27643
- http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903
- http://www.debian.org/security/2007/dsa-1341
- http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml
- http://www.isc.org/index.pl?/sw/bind/bind-security.php
- http://www.kb.cert.org/vuls/id/252735
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:149
- http://www.novell.com/linux/security/advisories/2007_47_bind.html
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html
- http://www.redhat.com/support/errata/RHSA-2007-0740.html
- http://www.securiteam.com/securitynews/5VP0L0UM0A.html
- http://www.securityfocus.com/archive/1/474516/100/0/threaded
- http://www.securityfocus.com/archive/1/474545/100/0/threaded
- http://www.securityfocus.com/archive/1/474808/100/0/threaded
- http://www.securityfocus.com/archive/1/474856/100/0/threaded
- http://www.securityfocus.com/bid/25037
- http://www.securityfocus.com/bid/26444
- http://www.securitytracker.com/id?1018442
- http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385
- http://www.trusteer.com/docs/bind9dns.html
- http://www.trusteer.com/docs/bind9dns_s.html
- http://www.trustix.org/errata/2007/0023/
- http://www.ubuntu.com/usn/usn-491-1
- http://www.us-cert.gov/cas/techalerts/TA07-319A.html
- http://www.vupen.com/english/advisories/2007/2627
- http://www.vupen.com/english/advisories/2007/2662
- http://www.vupen.com/english/advisories/2007/2782
- http://www.vupen.com/english/advisories/2007/2914
- http://www.vupen.com/english/advisories/2007/2932
- http://www.vupen.com/english/advisories/2007/3242
- http://www.vupen.com/english/advisories/2007/3868
- http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35575
- https://issues.rpath.com/browse/RPL-1587
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10293
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2226