Bug 248851 - (CVE-2007-2926) CVE-2007-2926 bind cryptographically weak query ids
CVE-2007-2926 bind cryptographically weak query ids
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 248866 248867 248868 248869 248870 248871 248872 248873 248874
  Show dependency treegraph
Reported: 2007-07-19 04:09 EDT by Mark J. Cox
Modified: 2014-11-06 17:28 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-14 11:24:56 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0740 normal SHIPPED_LIVE Moderate: bind security update 2008-01-09 12:16:33 EST

  None (edit)
Description Mark J. Cox 2007-07-19 04:09:44 EDT
Internet Systems Consortium Security Advisory.

                BIND 9: cryptographically weak query ids.

                              17 July 2007

Versions affected:

    BIND 9.0 (all versions)
    BIND 9.1 (all versions)
    BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8
    BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4
    BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5

Severity: Medium.


    The DNS query id generation is vulnerable to cryptographic
    analysis which provides a 1 in 8 chance of guessing the next
    query id for 50% of the query ids.  This can be used to perform
    cache poisoning by an attacker.

    This bug only affects outgoing queries, generated by BIND 9 to
    answer questions as a resolver, or when it is looking up data
    for internal uses, such as when sending NOTIFYs to slave name

    All users are encouraged to upgrade.




    Upgrade to BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 or
    BIND 9.5.0a6.

    Questions should be addressed to bind9-bugs@isc.org.

CVE:    CVE-2007-2926   (CERT-US VU#553201)

    Thanks to Amit Klein from Trusteer (www.trusteer.com) for
    reporting this.

*** Embargo set to 23 July 2007 ***
Comment 1 Mark J. Cox 2007-07-19 07:07:32 EDT
patch is http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=159581
Comment 4 Josh Bressers 2007-07-24 07:21:18 EDT
This flaw is now public according to the ISC web site:

Current Release
  BIND 9.4.1-P1

Maintenance Releases
  BIND 9.3.4-P1
  BIND 9.2.8-P1 (end of life August 2007)
  BIND 8.4.7 
Comment 5 Red Hat Product Security 2008-01-14 11:24:56 EST
This issue was addressed in:

Red Hat Enterprise Linux:


Note You need to log in before you can comment on or make changes to this bug.