CVE-2007-2926

N/A Unknown

Published: July 24, 2007 Modified: April 23, 2026

Description

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

ftp://aix.software.ibm.com/aix/efixes/security/README

Source: cret@cert.org

ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc

Source: cret@cert.org

http://docs.info.apple.com/article.html?artnum=307041

Source: cret@cert.org

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426

Source: cret@cert.org

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600

Source: cret@cert.org

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368

Source: cret@cert.org

http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

Source: cret@cert.org

http://marc.info/?l=bugtraq&m=141879471518471&w=2

Source: cret@cert.org

http://secunia.com/advisories/26148

Source: cret@cert.org

http://secunia.com/advisories/26152

Source: cret@cert.org

Vendor Advisory

http://secunia.com/advisories/26160

Source: cret@cert.org

http://secunia.com/advisories/26180

Source: cret@cert.org

http://secunia.com/advisories/26195

Source: cret@cert.org

http://secunia.com/advisories/26217

Source: cret@cert.org

http://secunia.com/advisories/26227

Source: cret@cert.org

http://secunia.com/advisories/26231

Source: cret@cert.org

http://secunia.com/advisories/26236

Source: cret@cert.org

http://secunia.com/advisories/26261

Source: cret@cert.org

http://secunia.com/advisories/26308

Source: cret@cert.org

http://secunia.com/advisories/26330

Source: cret@cert.org

http://secunia.com/advisories/26509

Source: cret@cert.org

http://secunia.com/advisories/26515

Source: cret@cert.org

http://secunia.com/advisories/26531

Source: cret@cert.org

http://secunia.com/advisories/26605

Source: cret@cert.org

http://secunia.com/advisories/26607

Source: cret@cert.org

http://secunia.com/advisories/26847

Source: cret@cert.org

http://secunia.com/advisories/26925

Source: cret@cert.org

http://secunia.com/advisories/27643

Source: cret@cert.org

http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc

Source: cret@cert.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1

Source: cret@cert.org

http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm

Source: cret@cert.org

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903

Source: cret@cert.org

http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only

Source: cret@cert.org

http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only

Source: cret@cert.org

http://www.debian.org/security/2007/dsa-1341

Source: cret@cert.org

http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml

Source: cret@cert.org

http://www.isc.org/index.pl?/sw/bind/bind-security.php

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/252735

Source: cret@cert.org

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2007:149

Source: cret@cert.org

http://www.novell.com/linux/security/advisories/2007_47_bind.html

Source: cret@cert.org

http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html

Source: cret@cert.org

http://www.redhat.com/support/errata/RHSA-2007-0740.html

Source: cret@cert.org

http://www.securiteam.com/securitynews/5VP0L0UM0A.html

Source: cret@cert.org

http://www.securityfocus.com/archive/1/474516/100/0/threaded

Source: cret@cert.org

http://www.securityfocus.com/archive/1/474545/100/0/threaded

Source: cret@cert.org

http://www.securityfocus.com/archive/1/474808/100/0/threaded

Source: cret@cert.org

http://www.securityfocus.com/archive/1/474856/100/0/threaded

Source: cret@cert.org

http://www.securityfocus.com/bid/25037

Source: cret@cert.org

http://www.securityfocus.com/bid/26444

Source: cret@cert.org

http://www.securitytracker.com/id?1018442

Source: cret@cert.org

http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385

Source: cret@cert.org

http://www.trusteer.com/docs/bind9dns.html

Source: cret@cert.org

http://www.trusteer.com/docs/bind9dns_s.html

Source: cret@cert.org

http://www.trustix.org/errata/2007/0023/

Source: cret@cert.org

http://www.ubuntu.com/usn/usn-491-1

Source: cret@cert.org

http://www.us-cert.gov/cas/techalerts/TA07-319A.html

Source: cret@cert.org

US Government Resource

http://www.vupen.com/english/advisories/2007/2627

Source: cret@cert.org

http://www.vupen.com/english/advisories/2007/2662

Source: cret@cert.org

http://www.vupen.com/english/advisories/2007/2782

Source: cret@cert.org

http://www.vupen.com/english/advisories/2007/2914

Source: cret@cert.org

http://www.vupen.com/english/advisories/2007/2932

Source: cret@cert.org

http://www.vupen.com/english/advisories/2007/3242

Source: cret@cert.org

http://www.vupen.com/english/advisories/2007/3868

Source: cret@cert.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/35575

Source: cret@cert.org

https://issues.rpath.com/browse/RPL-1587

Source: cret@cert.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10293

Source: cret@cert.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2226

Source: cret@cert.org

ftp://aix.software.ibm.com/aix/efixes/security/README