{"vuid":"VU#252735","idnumber":"252735","name":"ISC BIND generates cryptographically weak DNS query IDs","keywords":["ISC","BIND","cryptographically weak query ids","BIND_072407","apple_2007_008"],"overview":"ISC (Internet Systems Consortiuim) BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches.","clean_desc":"From the ISC Bind security page: The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker. This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers. All users are encouraged to upgrade.","impact":"A remote attacker could predict DNS query IDs and respond with arbitrary answers, thus poisoning DNS caches.","resolution":"Upgrade or Patch This issue is addressed in ISC BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 or BIND 9.5.0a6. Users who obtain BIND from their operating system vendor should see the systems affected portion of this document for a partial list of affected vendors.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by ISC who credit Amit Klein from \nTrusteer","author":"This document was written by Ryan Giobbi.","public":["http://www.isc.org/sw/bind/bind-security.php","http://www.trusteer.com/docs/bind9dns.html","http://jvn.jp/cert/JVNVU%23252735/index.html","http://secunia.com/advisories/26195/","http://www.milw0rm.com/exploits/4266","http://docs.info.apple.com/article.html?artnum=307041"],"cveids":["CVE-2007-2926"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-06-21T14:00:29Z","publicdate":"2007-07-24T00:00:00Z","datefirstpublished":"2007-07-27T14:50:06Z","dateupdated":"2008-08-06T13:02:29Z","revision":27,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"19","cam_population":"20","cam_impact":"6","cam_easeofexploitation":"5","cam_attackeraccessrequired":"10","cam_scorecurrent":"3.825","cam_scorecurrentwidelyknown":"4.3875","cam_scorecurrentwidelyknownexploited":"6.6375","ipprotocol":"udp","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.825,"vulnote":null}