Vulnerabilities > CVE-2007-2930 - Remote Cache Poisoning vulnerability in ISC BIND 8

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
isc
nessus
exploit available

Summary

The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.

Exploit-Db

  • descriptionISC BIND 8 Remote Cache Poisoning Vulnerability (2). CVE-2007-2930. Remote exploit for linux platform
    idEDB-ID:30536
    last seen2016-02-03
    modified2007-08-27
    published2007-08-27
    reporterAmit Klein
    sourcehttps://www.exploit-db.com/download/30536/
    titleISC BIND 8 - Remote Cache Poisoning Vulnerability 2
  • descriptionISC BIND 8 Remote Cache Poisoning Vulnerability (1). CVE-2007-2930. Remote exploit for linux platform
    idEDB-ID:30535
    last seen2016-02-03
    modified2007-08-27
    published2007-08-27
    reporterAmit Klein
    sourcehttps://www.exploit-db.com/download/30535/
    titleISC BIND 8 - Remote Cache Poisoning Vulnerability 1

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_109327.NASL
    descriptionSunOS 5.8_x86: libresolv.so.2, in.named an. Date this patch was last updated by Sun : Mar/09/09
    last seen2020-06-01
    modified2020-06-02
    plugin id13429
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13429
    titleSolaris 8 (x86) : 109327-24
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(13429);
      script_version("1.51");
      script_cvs_date("Date: 2019/10/25 13:36:26");
    
      script_cve_id("CVE-2007-2930", "CVE-2008-0122", "CVE-2008-1447", "CVE-2008-4194", "CVE-2009-0696");
      script_xref(name:"IAVA", value:"2008-A-0045");
    
      script_name(english:"Solaris 8 (x86) : 109327-24");
      script_summary(english:"Check for patch 109327-24");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 109327-24"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.8_x86: libresolv.so.2, in.named an.
    Date this patch was last updated by Sun : Mar/09/09"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/109327-24"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(16, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWcstl", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWcsl", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    if (solaris_check_patch(release:"5.8_x86", arch:"i386", patch:"109327-24", obsoleted_by:"", package:"SUNWarc", version:"11.8.0,REV=2000.01.08.18.17") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_114265.NASL
    descriptionSunOS 5.9_x86: in.dhcpd libresolv and BIND. Date this patch was last updated by Sun : Jul/21/11
    last seen2020-06-01
    modified2020-06-02
    plugin id27094
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27094
    titleSolaris 9 (x86) : 114265-23
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(27094);
      script_version("1.44");
      script_cvs_date("Date: 2019/10/25 13:36:27");
    
      script_cve_id("CVE-2007-2930", "CVE-2008-1447", "CVE-2008-4194", "CVE-2009-0025", "CVE-2009-0050", "CVE-2009-0051", "CVE-2009-0696");
      script_xref(name:"IAVA", value:"2008-A-0045");
    
      script_name(english:"Solaris 9 (x86) : 114265-23");
      script_summary(english:"Check for patch 114265-23");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 114265-23"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.9_x86: in.dhcpd libresolv and BIND.
    Date this patch was last updated by Sun : Jul/21/11"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/114265-23"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(16, 287, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWhea", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWcstl", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWdhcsu", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWinamd", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWcsu", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWcsl", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    if (solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"114265-23", obsoleted_by:"", package:"SUNWarc", version:"11.9.0,REV=2002.11.04.02.51") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report());
      else security_warning(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_109326.NASL
    descriptionSunOS 5.8: libresolv.so.2, in.named and BI. Date this patch was last updated by Sun : Mar/09/09
    last seen2020-06-01
    modified2020-06-02
    plugin id13321
    published2004-07-12
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13321
    titleSolaris 8 (sparc) : 109326-24
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(13321);
      script_version("1.54");
      script_cvs_date("Date: 2019/10/25 13:36:26");
    
      script_cve_id("CVE-2007-2930", "CVE-2008-0122", "CVE-2008-1447", "CVE-2008-4194", "CVE-2009-0696");
      script_xref(name:"IAVA", value:"2008-A-0045");
    
      script_name(english:"Solaris 8 (sparc) : 109326-24");
      script_summary(english:"Check for patch 109326-24");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 109326-24"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.8: libresolv.so.2, in.named and BI.
    Date this patch was last updated by Sun : Mar/09/09"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/109326-24"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(16, 189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcstlx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWhea", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWarcx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcstl", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcsu", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcslx", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcsr", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWcsl", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"109326-24", obsoleted_by:"", package:"SUNWarc", version:"11.8.0,REV=2000.01.08.18.12") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_112837.NASL
    descriptionSunOS 5.9: in.dhcpd libresolv and BIND9 pa. Date this patch was last updated by Sun : Jul/21/11
    last seen2020-06-01
    modified2020-06-02
    plugin id26165
    published2007-09-25
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/26165
    titleSolaris 9 (sparc) : 112837-24
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHNE_36185.NASL
    descriptions700_800 11.11 Bind 8.1.2 Patch : A potential vulnerability has been identified with HP-UX running BIND 8. The vulnerability could be exploited remotely to cause DNS cache poisoning.
    last seen2020-06-01
    modified2020-06-02
    plugin id29199
    published2007-12-04
    reporterThis script is Copyright (C) 2007-2013 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29199
    titleHP-UX PHNE_36185 : HP-UX Running BIND 8, Remote DNS Cache Poisoning (HPSBUX02289 SSRT071461 rev.1)

Oval

accepted2007-11-19T04:01:00.472-05:00
classvulnerability
contributors
nameTodd Dolinsky
organizationOpsware, Inc.
definition_extensions
  • commentSolaris 8 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1539
  • commentSolaris 8 (x86) is installed
    ovaloval:org.mitre.oval:def:2059
  • commentSolaris 9 (SPARC) is installed
    ovaloval:org.mitre.oval:def:1457
  • commentSolaris 9 (x86) is installed
    ovaloval:org.mitre.oval:def:1683
descriptionThe (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
familyunix
idoval:org.mitre.oval:def:2154
statusaccepted
submitted2007-10-16T10:34:50.000-04:00
titleSecurity Vulnerability in BIND 8 May Allow Cache Poisoning Attack
version36

Statements

contributorMark J Cox
lastmodified2007-09-12
organizationRed Hat
statementNot vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

References