CVE-2007-2930 - The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 genera

CVE-2007-2930

Summary

The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.

References

Vulnerable Configurations

cpe:2.3:a:isc:bind:-:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:-:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.5:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.5:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.9:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:4.9.10:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p5:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p5:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p6:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p6:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p7:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.2:p7:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3:t1a:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3:t1a:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3:t9b:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3:t9b:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3_t1a:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3_t1a:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3_t9b:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.3_t9b:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.7:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.2.7:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.3.6:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.4.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.4.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.4.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.4.4:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.4.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.4.5:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.4.7:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:8.4.7:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 16-10-2018 - 16:46)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

oval via4

accepted

2007-11-19T04:01:00.472-05:00

class

vulnerability

contributors

name	Todd Dolinsky
organization	Opsware, Inc.

definition_extensions

comment Solaris 8 (SPARC) is installed
oval oval:org.mitre.oval:def:1539
comment Solaris 8 (x86) is installed
oval oval:org.mitre.oval:def:2059
comment Solaris 9 (SPARC) is installed
oval oval:org.mitre.oval:def:1457
comment Solaris 9 (x86) is installed
oval oval:org.mitre.oval:def:1683

description

family

unix

oval:org.mitre.oval:def:2154

status

accepted

submitted

2007-10-16T10:34:50.000-04:00

title

Security Vulnerability in BIND 8 May Allow Cache Poisoning Attack

version

refmap via4

bid	25459
bugtraq	20070827 BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer) 20071001 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer) 20071006 Re: BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)
cert-vn	VU#927905
ciac	R-333
confirm	http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968 http://www.isc.org/index.pl?/sw/bind/bind8-eol.php http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975
hp	HPSBUX02289 SSRT071461
misc	http://www.trusteer.com/docs/bind8dns.html
sectrack	1018615
secunia	26629 26858 27433 27459 27465 27696
sunalert	103063 200859
vupen	ADV-2007-2991 ADV-2007-3192 ADV-2007-3639 ADV-2007-3668 ADV-2007-3936

statements via4

contributor	Mark J Cox
lastmodified	2007-09-12
organization	Red Hat
statement	Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Last major update

16-10-2018 - 16:46

Published

12-09-2007 - 01:17

Last modified

16-10-2018 - 16:46