Bug 2405829 (CVE-2025-40780)
| Summary: | CVE-2025-40780 bind: Cache poisoning due to weak PRNG | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | michael.h.hall-1 |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A vulnerability was found in BIND resolvers caused by a weakness in the pseudorandom number generator (PRNG) used to choose the UDP source port and the 16-bit query (transaction) ID of outgoing queries. These are the two values an off-path attacker must otherwise guess (roughly 2^16 possibilities each) before a forged response is accepted, so being able to predict them removes the main barrier to a cache poisoning attack. If successful, the attacker can inject forged DNS records into the resolver's cache, and clients are then served the spoofed data until those records expire. Authoritative-only servers are generally unaffected; recursive resolvers are exposed. Exploitation is remote and requires no user interaction. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2394406, 2405831, 2405832, 2405833, 2405834 | | |
| Bug Blocks: | 2406399 | | |
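The Doc Text above says the damage comes from predicting the (source port, query ID) pair. The Python model below is an added example written for this page; it is not BIND code and not taken from the Red Hat or ISC advisories. It assumes a toy linear congruential generator with a small, brute-forceable seed space as a stand-in for a "weak PRNG" (BIND's actual generator and flaw are not modelled), an attacker who can observe two of the resolver's own queries (for example by inducing lookups for a name served by a nameserver the attacker controls), and an ephemeral port range of 1024-65535. The constants, function names and the seed-space size are all assumptions of the model.

```python
"""Toy model: why a predictable (source port, query ID) pair defeats DNS
anti-spoofing. Constructed example for this page; ToyLcgPrng is a deliberately
weak generator used only to contrast 'predictable' with 'unpredictable'. It is
NOT BIND's PRNG, and the seed-space size is an assumption of the model."""
import secrets
from typing import Optional

M32 = 1 << 32
LCG_A = 1664525                      # Numerical Recipes LCG constants; illustration only
LCG_C = 1013904223
EPHEMERAL_PORT_BASE = 1024
EPHEMERAL_PORT_COUNT = 65536 - 1024  # ports 1024..65535
QID_COUNT = 1 << 16                  # a DNS transaction ID is 16 bits


class ToyLcgPrng:
    """Weak PRNG: 32-bit LCG state, output is the high 16 bits of the state."""

    def __init__(self, seed: int) -> None:
        self.state = seed % M32

    def next_u16(self) -> int:
        self.state = (LCG_A * self.state + LCG_C) % M32
        return self.state >> 16


def strong_next_u16() -> int:
    """CSPRNG draw: what a resolver should be using for port and query ID."""
    return secrets.randbelow(QID_COUNT)


def pick_port_and_qid(next_u16) -> tuple[int, int]:
    """Model of a resolver choosing (source port, query ID) for one outgoing query."""
    port = EPHEMERAL_PORT_BASE + next_u16() % EPHEMERAL_PORT_COUNT
    qid = next_u16()
    return port, qid


def recover_weak_generator(observed: list[tuple[int, int]],
                           seed_space: range) -> Optional[ToyLcgPrng]:
    """Attacker side. 'observed' are (port, qid) pairs the resolver used for
    queries the attacker could see (e.g. lookups it induced for its own zone).
    Brute-force the seed space for a clone that reproduces all of them and
    return it positioned right after the last observation, or None if the
    resolver's seed lies outside the searched space."""
    for seed in seed_space:
        clone = ToyLcgPrng(seed)
        if all(pick_port_and_qid(clone.next_u16) == pair for pair in observed):
            return clone
    return None


def forgeries_needed_with_weak_prng(resolver_seed: int, seed_space: range,
                                    max_forgeries: int = 1000) -> int:
    """Simulate the attack against a resolver using ToyLcgPrng: observe two
    induced queries, clone the generator, then forge answers to the next
    (victim) query. Returns the number of forged packets sent up to and
    including the one that matched, or -1 if the attack fails."""
    resolver = ToyLcgPrng(resolver_seed)
    observed = [pick_port_and_qid(resolver.next_u16) for _ in range(2)]
    clone = recover_weak_generator(observed, seed_space)
    if clone is None:
        return -1
    target = pick_port_and_qid(resolver.next_u16)  # the query the attacker wants to poison
    for attempt in range(1, max_forgeries + 1):
        if pick_port_and_qid(clone.next_u16) == target:
            return attempt
    return -1


def expected_forgeries_with_strong_prng() -> int:
    """With independent uniform port and ID, one forged packet matches with
    probability 1/(ports*ids); the expected number of packets until a match
    is the reciprocal (geometric distribution)."""
    return EPHEMERAL_PORT_COUNT * QID_COUNT


if __name__ == "__main__":
    seeds = range(1 << 16)  # assumed attacker-searchable seed space (model parameter)
    print("weak PRNG, seed inside searched space :", forgeries_needed_with_weak_prng(4242, seeds))
    print("weak PRNG, seed outside searched space:", forgeries_needed_with_weak_prng(1 << 20, seeds))
    print("strong PRNG, expected forged packets  :", expected_forgeries_with_strong_prng())
    print("strong PRNG sample (port, qid)        :", pick_port_and_qid(strong_next_u16))
```

Once the attacker has recovered the generator's state, the first forged packet lands; against an unpredictable resolver the expected cost is about 2^32 packets, which is what source port randomisation was meant to buy. Everything DNS spoofing resistance offers rests on those two 16-bit values being unpredictable, so the practical response to this bug is to apply the errata listed in the description rather than to tune anything in the resolver's configuration.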
Description
OSIDB Bzimport
2025-10-22 15:22:51 UTC
This issue has been addressed in the following products:

- Red Hat Enterprise Linux 8, via RHSA-2025:19793 (https://access.redhat.com/errata/RHSA-2025:19793)
- Red Hat Enterprise Linux 10, via RHSA-2025:19912 (https://access.redhat.com/errata/RHSA-2025:19912)
- Red Hat Enterprise Linux 9, via RHSA-2025:19950 (https://access.redhat.com/errata/RHSA-2025:19950)
- Red Hat Enterprise Linux 9, via RHSA-2025:19951 (https://access.redhat.com/errata/RHSA-2025:19951)
- Red Hat Enterprise Linux 10, via RHSA-2025:21034 (https://access.redhat.com/errata/RHSA-2025:21034)
- Red Hat Enterprise Linux 9, via RHSA-2025:21111 (https://access.redhat.com/errata/RHSA-2025:21111)
- Red Hat Enterprise Linux 9, via RHSA-2025:21110 (https://access.redhat.com/errata/RHSA-2025:21110)
- Red Hat Enterprise Linux 9.4 Extended Update Support, via RHSA-2025:21817 (https://access.redhat.com/errata/RHSA-2025:21817)
- Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions, via RHSA-2025:21887 (https://access.redhat.com/errata/RHSA-2025:21887)
- Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, via RHSA-2025:21889 (https://access.redhat.com/errata/RHSA-2025:21889)
- Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.8 Telecommunications Update Service, via RHSA-2025:21939 (https://access.redhat.com/errata/RHSA-2025:21939)
- Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.6 Telecommunications Update Service, via RHSA-2025:22168 (https://access.redhat.com/errata/RHSA-2025:22168)
- Red Hat OpenShift Container Platform 4.20, via RHSA-2026:0420 (https://access.redhat.com/errata/RHSA-2026:0420)
- Red Hat OpenShift Container Platform 4.12, via RHSA-2026:0316 (https://access.redhat.com/errata/RHSA-2026:0316)
- Red Hat OpenShift Container Platform 4.16, via RHSA-2026:0326 (https://access.redhat.com/errata/RHSA-2026:0326)
- Red Hat OpenShift Container Platform 4.18, via RHSA-2026:0332 (https://access.redhat.com/errata/RHSA-2026:0332)
- Red Hat OpenShift Container Platform 4.17, via RHSA-2026:0702 (https://access.redhat.com/errata/RHSA-2026:0702)
- Red Hat OpenShift Container Platform 4.13, via RHSA-2026:0677 (https://access.redhat.com/errata/RHSA-2026:0677)
- Red Hat OpenShift Container Platform 4.19, via RHSA-2026:0674 (https://access.redhat.com/errata/RHSA-2026:0674)
- Red Hat OpenShift Container Platform 4.14, via RHSA-2026:0996 (https://access.redhat.com/errata/RHSA-2026:0996)
- Red Hat OpenShift Container Platform 4.15, via RHSA-2026:1541 (https://access.redhat.com/errata/RHSA-2026:1541)