Internet Systems Consortium Security Advisory.
BIND 9: cryptographically weak query ids.
17 July 2007

Versions affected:
BIND 9.0 (all versions)
BIND 9.1 (all versions)
BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8
BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4
BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5

Severity: Medium.

Description:
The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker. This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers. All users are encouraged to upgrade.

Workaround: None.

Fix: Upgrade to BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 or BIND 9.5.0a6.

Questions should be addressed to bind9-bugs.

CVE: CVE-2007-2926 (CERT-US VU#553201)

*** Embargo set to 23 July 2007 ***
patch is http://bugzilla.redhat.com/bugzilla/attachment.cgi?id=159581
This flaw is now public according to the ISC web site:
http://www.isc.org/index.pl?/sw/bind/

Current Release
BIND 9.4.1-P1
Maintenance Releases
BIND 9.3.4-P1
BIND 9.2.8-P1 (end of life August 2007)
BIND 8.4.7
This issue was addressed in:

Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-0740.html
Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1247