Internet Systems Consortium Security Advisory.
BIND 9: cryptographically weak query ids.
17 July 2007
BIND 9.0 (all versions)
BIND 9.1 (all versions)
BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8
BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4
BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5
The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
All users are encouraged to upgrade.
Upgrade to BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 or
Questions should be addressed to email@example.com.
CVE: CVE-2007-2926 (CERT-US VU#553201)
Thanks to Amit Klein from Trusteer (www.trusteer.com) for
*** Embargo set to 23 July 2007 ***
patch is http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=159581
This flaw is now public according to the ISC web site:
BIND 9.2.8-P1 (end of life August 2007)
This issue was addressed in:
Red Hat Enterprise Linux: