4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
This update provides fixed packages for the oldstable distribution (sarge).
For reference the original advisory text:
>
> Amit Klein discovered that the BIND name server generates predictable
> DNS query IDs, which may lead to cache poisoning attacks.
>
>
>
For the oldstable distribution (sarge) this problem has been fixed in
version 9.2.4-1sarge3. An update for mips, powerpc and hppa is not yet
available, they will be released soon.
For the stable distribution (etch) this problem has been fixed in
version 9.3.4-2etch1. An update for mips is not yet available, it will
be released soon.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your BIND packages.
CPE | Name | Operator | Version |
---|---|---|---|
bind9 | eq | 1:9.2.4-1sarge1 | |
bind9 | eq | 1:9.2.4-1 | |
bind9 | eq | 1:9.2.4-1sarge2 |