Lucene search

K
cve[email protected]CVE-2007-2930
HistorySep 12, 2007 - 1:17 a.m.

CVE-2007-2930

2007-09-1201:17:00
NVD-CWE-Other
web.nvd.nist.gov
28
isc bind
dns
cve-2007-2930
predictable dns query
prng
vulnerability

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.039 Low

EPSS

Percentile

91.8%

The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.

CPENameOperatorVersion
isc:bindisc bindle8.4.7

References

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.039 Low

EPSS

Percentile

91.8%

Related for CVE-2007-2930