CVE-2007-2926 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-2926
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2926

Description: ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/35575 UBUNTU http://www.ubuntu.com/usn/usn-491-1 TRUSTIX http://www.trustix.org/errata/2007/0023/ SUSE http://www.novell.com/linux/security/advisories/2007_47_bind.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1 ST 1018442 SLACKWARE http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385 SGI SAID Secunia Advisory: SA26847 Secunia Advisory: SA26607 Secunia Advisory: SA26531 Secunia Advisory: SA26515 Secunia Advisory: SA26509 Secunia Advisory: SA26308 Secunia Advisory: SA26261 Secunia Advisory: SA26330 Secunia Advisory: SA26231 Secunia Advisory: SA26160 Secunia Advisory: SA26227 Secunia Advisory: SA26148 Secunia Advisory: SA26152 Secunia Advisory: SA26195 Secunia Advisory: SA26925 Secunia Advisory: SA26180 Secunia Advisory: SA26217 Secunia Advisory: SA26236 Secunia Advisory: SA26605 Secunia Advisory: SA27643 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0740.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2226 OPENPKG http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html MISC http://www.securiteam.com/securitynews/5VP0L0UM0A.html http://www.trusteer.com/docs/bind9dns.html http://www.trusteer.com/docs/bind9dns_s.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:149 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc DEBIAN http://www.debian.org/security/2007/dsa-1341 CONFIRM http://docs.info.apple.com/article.html?artnum=307041 http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm http://www.isc.org/index.pl?/sw/bind/bind-security.php http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903 CERT-VN 252735 CERT http://www.us-cert.gov/cas/techalerts/TA07-319A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/474516/100/0/threaded http://www.securityfocus.com/archive/1/474856/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/474808/100/0/threaded http://www.securityfocus.com/archive/1/474545/100/0/threaded BID 26444 25037 APPLE http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html AIXAPAR http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only

Return to the previous page.