Vulnerability DatabaseCVE-2007-2926
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2007-2926
July 24, 2007
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
Related ResourcesĀ (67)
http://secunia.com/advisories/26531
http://secunia.com/advisories/26925
http://www.vupen.com/english/advisories/2007/2662
ftp://aix.software.ibm.com/aix/efixes/security/README
http://secunia.com/advisories/26227
http://www.mandriva.com/security/advisories?name=MDKSA-2007:149
http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
https://issues.rpath.com/browse/RPL-1587
http://secunia.com/advisories/26217
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600
http://secunia.com/advisories/26231
http://secunia.com/advisories/26515
http://www.securityfocus.com/archive/1/474856/100/0/threaded
http://www.vupen.com/english/advisories/2007/2627
http://www.kb.cert.org/vuls/id/252735
http://www.securityfocus.com/bid/26444
http://www.trusteer.com/docs/bind9dns_s.html
http://secunia.com/advisories/26509
http://secunia.com/advisories/26605
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426
http://www.novell.com/linux/security/advisories/2007_47_bind.html
http://www.trusteer.com/docs/bind9dns.html
http://secunia.com/advisories/26180
http://secunia.com/advisories/26607
http://www.securiteam.com/securitynews/5VP0L0UM0A.html
http://secunia.com/advisories/26847
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html
http://secunia.com/advisories/26236
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385
http://secunia.com/advisories/26330
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
http://secunia.com/advisories/27643
http://www.debian.org/security/2007/dsa-1341
http://www.trustix.org/errata/2007/0023/
http://www.vupen.com/english/advisories/2007/2782
http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc
http://www.vupen.com/english/advisories/2007/2914
http://www.vupen.com/english/advisories/2007/3242
http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm
http://docs.info.apple.com/article.html?artnum=307041
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903
http://www.securityfocus.com/archive/1/474545/100/0/threaded
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
http://www.ubuntu.com/usn/usn-491-1
http://secunia.com/advisories/26195
http://secunia.com/advisories/26261
http://secunia.com/advisories/26308
http://www.securityfocus.com/archive/1/474516/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml
http://www.redhat.com/support/errata/RHSA-2007-0740.html
http://secunia.com/advisories/26148
http://www.securityfocus.com/bid/25037
http://secunia.com/advisories/26152
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2226
https://exchange.xforce.ibmcloud.com/vulnerabilities/35575
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.securitytracker.com/id?1018442
http://www.securityfocus.com/archive/1/474808/100/0/threaded
http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only
http://www.vupen.com/english/advisories/2007/2932
http://secunia.com/advisories/26160
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10293
http://marc.info/?l=bugtraq&m=141879471518471&w=2
http://www.vupen.com/english/advisories/2007/3868
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
4.3
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
EPSS
Base Score:
19.94