Bug 248851 - (CVE-2007-2926) CVE-2007-2926 bind cryptographically weak query ids
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,source=bind,reported=...
Keywords: Security
Depends On: 248866 248867 248868 248869 248870 248871 248872 248873 248874
Reported: 2007-07-19 04:09 EDT by Mark J. Cox (Product Security)
Modified: 2014-11-06 17:28 EST (History)
Doc Type: Bug Fix
Last Closed: 2008-01-14 11:24:56 EST
Description Mark J. Cox (Product Security) 2007-07-19 04:09:44 EDT
Internet Systems Consortium Security Advisory.

                BIND 9: cryptographically weak query ids.

                              17 July 2007

Versions affected:

    BIND 9.0 (all versions)
    BIND 9.1 (all versions)
    BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8
    BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4
    BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5

Severity: Medium.

Description:

    The DNS query id generation is vulnerable to cryptographic
    analysis which provides a 1 in 8 chance of guessing the next
    query id for 50% of the query ids.  This can be used to perform
    cache poisoning by an attacker.

    This bug only affects outgoing queries, generated by BIND 9 to
    answer questions as a resolver, or when it is looking up data
    for internal uses, such as when sending NOTIFYs to slave name
    servers.

    All users are encouraged to upgrade.

Workaround:

    None.

Fix:

    Upgrade to BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 or
    BIND 9.5.0a6.

    Questions should be addressed to bind9-bugs@isc.org.

CVE:    CVE-2007-2926   (CERT-US VU#553201)

Acknowledgement:
    Thanks to Amit Klein from Trusteer (www.trusteer.com) for
    reporting this.


*** Embargo set to 23 July 2007 ***
Comment 1 Mark J. Cox (Product Security) 2007-07-19 07:07:32 EDT
patch is http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=159581
Comment 4 Josh Bressers 2007-07-24 07:21:18 EDT
This flaw is now public according to the ISC web site:
http://www.isc.org/index.pl?/sw/bind/

Current Release
  BIND 9.4.1-P1

Maintenance Releases
  BIND 9.3.4-P1
  BIND 9.2.8-P1 (end of life August 2007)
  BIND 8.4.7 
Comment 5 Red Hat Product Security 2008-01-14 11:24:56 EST
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0740.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1247

