Vulnerabilities > CVE-2007-2930 - Remote Cache Poisoning vulnerability in ISC BIND 8
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
Vulnerable Configurations
Exploit-Db
description ISC BIND 8 Remote Cache Poisoning Vulnerability (2). CVE-2007-2930. Remote exploit for linux platform id EDB-ID:30536 last seen 2016-02-03 modified 2007-08-27 published 2007-08-27 reporter Amit Klein source https://www.exploit-db.com/download/30536/ title ISC BIND 8 - Remote Cache Poisoning Vulnerability 2 description ISC BIND 8 Remote Cache Poisoning Vulnerability (1). CVE-2007-2930. Remote exploit for linux platform id EDB-ID:30535 last seen 2016-02-03 modified 2007-08-27 published 2007-08-27 reporter Amit Klein source https://www.exploit-db.com/download/30535/ title ISC BIND 8 - Remote Cache Poisoning Vulnerability 1
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_109327.NASL description SunOS 5.8_x86: libresolv.so.2, in.named an. Date this patch was last updated by Sun : Mar/09/09 last seen 2020-06-01 modified 2020-06-02 plugin id 13429 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13429 title Solaris 8 (x86) : 109327-24 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13429); script_version("1.51"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2007-2930", "CVE-2008-0122", "CVE-2008-1447", "CVE-2008-4194", "CVE-2009-0696"); script_xref(name:"IAVA", value:"2008-A-0045"); script_name(english:"Solaris 8 (x86) : 109327-24"); script_summary(english:"Check for patch 109327-24"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 109327-24" ); script_set_attribute( attribute:"description", value: "SunOS 5.8_x86: libresolv.so.2, in.named an. Date this patch was last updated by Sun : Mar/09/09" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/109327-24" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(16, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWcstl", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWcsl", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWarc", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114265.NASL description SunOS 5.9_x86: in.dhcpd libresolv and BIND. Date this patch was last updated by Sun : Jul/21/11 last seen 2020-06-01 modified 2020-06-02 plugin id 27094 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27094 title Solaris 9 (x86) : 114265-23 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(27094); script_version("1.44"); script_cvs_date("Date: 2019/10/25 13:36:27"); script_cve_id("CVE-2007-2930", "CVE-2008-1447", "CVE-2008-4194", "CVE-2009-0025", "CVE-2009-0050", "CVE-2009-0051", "CVE-2009-0696"); script_xref(name:"IAVA", value:"2008-A-0045"); script_name(english:"Solaris 9 (x86) : 114265-23"); script_summary(english:"Check for patch 114265-23"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 114265-23" ); script_set_attribute( attribute:"description", value: "SunOS 5.9_x86: in.dhcpd libresolv and BIND. Date this patch was last updated by Sun : Jul/21/11" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/114265-23" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(16, 287, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2011/07/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWhea", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWcstl", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWdhcsu", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWinamd", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWcsu", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWcsl", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWarc", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report()); else security_warning(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS8_109326.NASL description SunOS 5.8: libresolv.so.2, in.named and BI. Date this patch was last updated by Sun : Mar/09/09 last seen 2020-06-01 modified 2020-06-02 plugin id 13321 published 2004-07-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13321 title Solaris 8 (sparc) : 109326-24 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(13321); script_version("1.54"); script_cvs_date("Date: 2019/10/25 13:36:26"); script_cve_id("CVE-2007-2930", "CVE-2008-0122", "CVE-2008-1447", "CVE-2008-4194", "CVE-2009-0696"); script_xref(name:"IAVA", value:"2008-A-0045"); script_name(english:"Solaris 8 (sparc) : 109326-24"); script_summary(english:"Check for patch 109326-24"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 109326-24" ); script_set_attribute( attribute:"description", value: "SunOS 5.8: libresolv.so.2, in.named and BI. Date this patch was last updated by Sun : Mar/09/09" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/109326-24" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(16, 189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcstlx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWarcx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcstl", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcslx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcsl", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWarc", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family Solaris Local Security Checks NASL id SOLARIS9_112837.NASL description SunOS 5.9: in.dhcpd libresolv and BIND9 pa. Date this patch was last updated by Sun : Jul/21/11 last seen 2020-06-01 modified 2020-06-02 plugin id 26165 published 2007-09-25 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26165 title Solaris 9 (sparc) : 112837-24 NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_36185.NASL description s700_800 11.11 Bind 8.1.2 Patch : A potential vulnerability has been identified with HP-UX running BIND 8. The vulnerability could be exploited remotely to cause DNS cache poisoning. last seen 2020-06-01 modified 2020-06-02 plugin id 29199 published 2007-12-04 reporter This script is Copyright (C) 2007-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29199 title HP-UX PHNE_36185 : HP-UX Running BIND 8, Remote DNS Cache Poisoning (HPSBUX02289 SSRT071461 rev.1)
Oval
accepted | 2007-11-19T04:01:00.472-05:00 | ||||||||||||||||
class | vulnerability | ||||||||||||||||
contributors |
| ||||||||||||||||
definition_extensions |
| ||||||||||||||||
description | The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926. | ||||||||||||||||
family | unix | ||||||||||||||||
id | oval:org.mitre.oval:def:2154 | ||||||||||||||||
status | accepted | ||||||||||||||||
submitted | 2007-10-16T10:34:50.000-04:00 | ||||||||||||||||
title | Security Vulnerability in BIND 8 May Allow Cache Poisoning Attack | ||||||||||||||||
version | 36 |
Statements
contributor | Mark J Cox |
lastmodified | 2007-09-12 |
organization | Red Hat |
statement | Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837
- http://secunia.com/advisories/26629
- http://secunia.com/advisories/26858
- http://secunia.com/advisories/27433
- http://secunia.com/advisories/27459
- http://secunia.com/advisories/27465
- http://secunia.com/advisories/27696
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103063-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200859-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968
- http://www.ciac.org/ciac/bulletins/r-333.shtml
- http://www.isc.org/index.pl?/sw/bind/bind8-eol.php
- http://www.kb.cert.org/vuls/id/927905
- http://www.securityfocus.com/archive/1/477870/100/100/threaded
- http://www.securityfocus.com/archive/1/481424/100/0/threaded
- http://www.securityfocus.com/archive/1/481659/100/0/threaded
- http://www.securityfocus.com/bid/25459
- http://www.securitytracker.com/id?1018615
- http://www.trusteer.com/docs/bind8dns.html
- http://www.vupen.com/english/advisories/2007/2991
- http://www.vupen.com/english/advisories/2007/3192
- http://www.vupen.com/english/advisories/2007/3639
- http://www.vupen.com/english/advisories/2007/3668
- http://www.vupen.com/english/advisories/2007/3936
- http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2154