35 matches found
OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...
Scientific Linux Security Update : bind on SL5.x, SL4.x, SL3.x i386/x86_64
A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in...
SuSE Update for bind, bind9 SUSE-SA:2007:047
Check for the Version of bind, bind9 OpenVAS Vulnerability Test $Id: gbsuse2007047.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for bind, bind9 SUSE-SA:2007:047 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
Fedora 8 : pdns-recursor-3.1.5-1.fc8 (2008-3036)
Bug 440247 - CVE-2008-1637 pdns-recursor: perdictable query ids Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
SuSE 10 Security Update : bind,bind-devel,bind-utils (ZYPP Patch Number 3976)
The bind nameserver generated predicatable DNS query IDs. Remote attackers could use that to perform DNS poisoning attacks. CVE-2007-2926 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc...
GLSA-200708-13 : BIND: Weak random number generation
The remote host is affected by the vulnerability described in GLSA-200708-13 BIND: Weak random number generation Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable 1 chance to 8 query IDs in the resolver routine or in zone transfer...
BIND: Weak random number generation
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable 1 chance to 8 query IDs in the resolver routine or in zone...
Debian DSA-1341-2 : bind9 - design error
This update provides fixed packages for the oldstable distribution sarge. For reference the original advisory text : Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
FreeBSD : FreeBSD -- Predictable query ids in named(8) (3de342fb-40be-11dc-aeac-02e0185f8d72)
When named8 is operating as a recursive DNS server or sending NOTIFY requests to slave DNS servers, named8 uses a predictable query id. Impact : An attacker who can see the query id for some requests sent by named8 is likely to be able to perform DNS cache poisoning by predicting the query id for...
FreeBSD-SA-07:07.bind
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:07.bind Security Advisory The FreeBSD Project Topic: Predictable query ids in named8 Category: contrib Module: bind Announced: 2007-08-01 Credits: Amit Klein...
ISC BIND generates cryptographically weak DNS query IDs
Overview ISC Internet Systems Consortiuim BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Description From the ISC Bind security page:The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of...
RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2007:0740)
Updated bind packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ISC BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. A flaw was found in the way...
FreeBSD -- Predictable query ids in named(8)
Problem Description: When named8 is operating as a recursive DNS server or sending NOTIFY requests to slave DNS servers, named8 uses a predictable query id. Impact: An attacker who can see the query id for some requests sent by named8 is likely to be able to perform DNS cache poisoning by...
CVE-1999-0024
DNS cache poisoning via BIND, by predictable query IDs...
CVE-1999-0024
DNS cache poisoning via BIND, by predictable query IDs...