Bug 248851 (CVE-2007-2926) - CVE-2007-2926 bind cryptographically weak query ids
Summary: CVE-2007-2926 bind cryptographically weak query ids
Status: CLOSED ERRATA
Alias: CVE-2007-2926
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,source=bind,reported=...
Keywords: Security
Depends On: 248866 248867 248868 248869 248870 248871 248872 248873 248874
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-07-19 08:09 UTC by Mark J. Cox
Modified: 2014-11-06 22:28 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-14 16:24:56 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0740 normal SHIPPED_LIVE Moderate: bind security update 2008-01-09 17:16:33 UTC

Description Mark J. Cox 2007-07-19 08:09:44 UTC
Internet Systems Consortium Security Advisory.

                BIND 9: cryptographically weak query ids.

                              17 July 2007

Versions affected:

    BIND 9.0 (all versions)
    BIND 9.1 (all versions)
    BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8
    BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4
    BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5

Severity: Medium.

Description:

    The DNS query id generation is vulnerable to cryptographic
    analysis which provides a 1 in 8 chance of guessing the next
    query id for 50% of the query ids.  This can be used to perform
    cache poisoning by an attacker.

    This bug only affects outgoing queries, generated by BIND 9 to
    answer questions as a resolver, or when it is looking up data
    for internal uses, such as when sending NOTIFYs to slave name
    servers.

    All users are encouraged to upgrade.

Workaround:

    None.

Fix:

    Upgrade to BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 or
    BIND 9.5.0a6.

    Questions should be addressed to bind9-bugs@isc.org.

CVE:    CVE-2007-2926   (CERT-US VU#553201)

Acknowledgement:
    Thanks to Amit Klein from Trusteer (www.trusteer.com) for
    reporting this.


*** Embargo set to 23 July 2007 ***

Comment 1 Mark J. Cox 2007-07-19 11:07:32 UTC
patch is http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=159581

Comment 4 Josh Bressers 2007-07-24 11:21:18 UTC
This flaw is now public according to the ISC web site:
http://www.isc.org/index.pl?/sw/bind/

Current Release
  BIND 9.4.1-P1

Maintenance Releases
  BIND 9.3.4-P1
  BIND 9.2.8-P1 (end of life August 2007)
  BIND 8.4.7 

Comment 5 Red Hat Product Security 2008-01-14 16:24:56 UTC
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0740.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1247




Note You need to log in before you can comment on or make changes to this bug.