NVD

Id
55085  
Name
CVE-2007-2926  
Description
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2007-07-24  
Modified Date
2015-03-16  
Seq
2007-2926  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
279832 55085 CVE-2007-2926 ftp://aix.software.ibm.com/aix/efixes/security/README  View
279833 55085 CVE-2007-2926 20070801-01-P  View
279834 55085 CVE-2007-2926 http://docs.info.apple.com/article.html?artnum=307041  View
279835 55085 CVE-2007-2926 SSRT071449  View
279836 55085 CVE-2007-2926 HPSBTU02256  View
279837 55085 CVE-2007-2926 HPSBOV02261  View
279838 55085 CVE-2007-2926 APPLE-SA-2007-11-14  View
279839 55085 CVE-2007-2926 SSRT101004  View
279840 55085 CVE-2007-2926 oval:org.mitre.oval:def:10293  View
279841 55085 CVE-2007-2926 oval:org.mitre.oval:def:2226  View
279842 55085 CVE-2007-2926 FreeBSD-SA-07:07  View
279843 55085 CVE-2007-2926 103018  View
279844 55085 CVE-2007-2926 http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm  View
279845 55085 CVE-2007-2926 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903  View
279846 55085 CVE-2007-2926 IZ02218  View
279847 55085 CVE-2007-2926 IZ02219  View
279848 55085 CVE-2007-2926 DSA-1341  View
279849 55085 CVE-2007-2926 GLSA-200708-13  View
279850 55085 CVE-2007-2926 http://www.isc.org/index.pl?/sw/bind/bind-security.php  View
279851 55085 CVE-2007-2926 VU#252735  View
279852 55085 CVE-2007-2926 MDKSA-2007:149  View
279853 55085 CVE-2007-2926 SUSE-SA:2007:047  View
279854 55085 CVE-2007-2926 OpenPKG-SA-2007.022  View
279855 55085 CVE-2007-2926 RHSA-2007:0740  View
279856 55085 CVE-2007-2926 http://www.securiteam.com/securitynews/5VP0L0UM0A.html  View
279857 55085 CVE-2007-2926 20070724 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)  View
279858 55085 CVE-2007-2926 20070727 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)  View
279859 55085 CVE-2007-2926 20070724 "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)  View
279860 55085 CVE-2007-2926 20070726 Re: "BIND 9 DNS Cache Poisoning" by Amit Klein (Trusteer)  View
279861 55085 CVE-2007-2926 25037  View
279862 55085 CVE-2007-2926 26444  View
279863 55085 CVE-2007-2926 1018442  View
279864 55085 CVE-2007-2926 SSA:2007-207-01  View
279865 55085 CVE-2007-2926 http://www.trusteer.com/docs/bind9dns.html  View
279866 55085 CVE-2007-2926 http://www.trusteer.com/docs/bind9dns_s.html  View
279867 55085 CVE-2007-2926 2007-0023  View
279868 55085 CVE-2007-2926 USN-491-1  View
279869 55085 CVE-2007-2926 TA07-319A  View
279870 55085 CVE-2007-2926 ADV-2007-2627  View
279871 55085 CVE-2007-2926 ADV-2007-2662  View
279872 55085 CVE-2007-2926 ADV-2007-2782  View
279873 55085 CVE-2007-2926 ADV-2007-2914  View
279874 55085 CVE-2007-2926 ADV-2007-2932  View
279875 55085 CVE-2007-2926 ADV-2007-3242  View
279876 55085 CVE-2007-2926 ADV-2007-3868  View
279877 55085 CVE-2007-2926 isc-bind-queryid-spoofing(35575)  View
279878 55085 CVE-2007-2926 https://issues.rpath.com/browse/RPL-1587  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
51886 JVNDB-2007-000549 BIND9 の乱数生成に脆弱性 BIND9 が DNS メッセージの識別に使うために生成する ID 情報は推測しやすい乱数になっており、遠隔の第三者からの不正な response パケットによってキャッシュ汚染を引き起こされる可能性があります。 CVE-2007-2926 26281 CVE-2007-2926 55085 6.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000549.html 2007-07-26 2007-11-28 View