CVE-2007-2926
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
7.1 High
AI Score
Confidence
High
0.218 Low
EPSS
Percentile
96.5%
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
Affected configurations
References
ftp://aix.software.ibm.com/aix/efixes/security/README
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
docs.info.apple.com/article.html?artnum=307041
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368
lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
marc.info/?l=bugtraq&m=141879471518471&w=2
secunia.com/advisories/26148
secunia.com/advisories/26152
secunia.com/advisories/26160
secunia.com/advisories/26180
secunia.com/advisories/26195
secunia.com/advisories/26217
secunia.com/advisories/26227
secunia.com/advisories/26231
secunia.com/advisories/26236
secunia.com/advisories/26261
secunia.com/advisories/26308
secunia.com/advisories/26330
secunia.com/advisories/26509
secunia.com/advisories/26515
secunia.com/advisories/26531
secunia.com/advisories/26605
secunia.com/advisories/26607
secunia.com/advisories/26847
secunia.com/advisories/26925
secunia.com/advisories/27643
security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc
sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1
support.avaya.com/elmodocs2/security/ASA-2007-389.htm
support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903
www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only
www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only
www.debian.org/security/2007/dsa-1341
www.gentoo.org/security/en/glsa/glsa-200708-13.xml
www.isc.org/index.pl?/sw/bind/bind-security.php
www.kb.cert.org/vuls/id/252735
www.mandriva.com/security/advisories?name=MDKSA-2007:149
www.novell.com/linux/security/advisories/2007_47_bind.html
www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html
www.redhat.com/support/errata/RHSA-2007-0740.html
www.securiteam.com/securitynews/5VP0L0UM0A.html
www.securityfocus.com/archive/1/474516/100/0/threaded
www.securityfocus.com/archive/1/474545/100/0/threaded
www.securityfocus.com/archive/1/474808/100/0/threaded
www.securityfocus.com/archive/1/474856/100/0/threaded
www.securityfocus.com/bid/25037
www.securityfocus.com/bid/26444
www.securitytracker.com/id?1018442
www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385
www.trusteer.com/docs/bind9dns.html
www.trusteer.com/docs/bind9dns_s.html
www.trustix.org/errata/2007/0023/
www.ubuntu.com/usn/usn-491-1
www.us-cert.gov/cas/techalerts/TA07-319A.html
www.vupen.com/english/advisories/2007/2627
www.vupen.com/english/advisories/2007/2662
www.vupen.com/english/advisories/2007/2782
www.vupen.com/english/advisories/2007/2914
www.vupen.com/english/advisories/2007/2932
www.vupen.com/english/advisories/2007/3242
www.vupen.com/english/advisories/2007/3868
exchange.xforce.ibmcloud.com/vulnerabilities/35575
issues.rpath.com/browse/RPL-1587
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10293
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2226
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
7.1 High
AI Score
Confidence
High
0.218 Low
EPSS
Percentile
96.5%