BIND 9: cryptographically weak query ids

Summary: 
The DNS query id generation is vulnerable to cryptographic analysis
CVE: 
CVE-2007-2926
CERT: 
VU#252735
Posting date: 
24 Jul 2007
Program Impacted: 
BIND
Versions affected: 
9.0 (all versions), 9.1 (all versions), 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.4.0, 9.4.1
Severity: 
Medium
Exploitable: 
Remotely
Description: 

The DNS query id generation is vulnerable to cryptographic analysis, which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. An attacker can use this to perform cache poisoning.

This bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers.

All users are encouraged to upgrade.

Workarounds: 

None.

Active exploits: 
None known at this time.
Solution: 

Upgrade to BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 or BIND 9.5.0a6.
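
To check an inventory of name servers against the version lists above, the following is an added example (not ISC code). It assumes version banners have already been collected, for instance from `named -v`, and the host names and banners in the sample are constructed.

```python
import re

# Version data transcribed from this advisory (compared case-insensitively).
AFFECTED_BRANCHES = {"9.0", "9.1"}  # advisory: "all versions"
AFFECTED_RELEASES = {
    "9.2.0", "9.2.1", "9.2.2", "9.2.3", "9.2.4", "9.2.5", "9.2.6", "9.2.7",
    "9.2.8", "9.3.0", "9.3.1", "9.3.2", "9.3.3", "9.3.4", "9.4.0", "9.4.1",
}
FIXED_RELEASES = {"9.2.8-p1", "9.3.4-p1", "9.4.1-p1", "9.5.0a6"}

# major.minor, optional patch level, optional suffix such as "-P1" or "a6".
_VERSION = re.compile(r"(\d+\.\d+)(?:\.\d+)?[-\w]*")

def classify(banner):
    """Return 'affected', 'fixed', 'unlisted' or 'unparsed' for one banner."""
    m = _VERSION.search(banner)
    if m is None:
        return "unparsed"
    version, branch = m.group(0).lower(), m.group(1)
    if version in FIXED_RELEASES:
        return "fixed"
    if branch in AFFECTED_BRANCHES or version in AFFECTED_RELEASES:
        return "affected"
    # Not named in the advisory (later releases, vendor rebuilds with
    # backports): check by hand instead of assuming either way.
    return "unlisted"

def audit(inventory):
    """Group host names by classification; inventory maps host -> banner."""
    report = {}
    for host, banner in inventory.items():
        report.setdefault(classify(banner), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed sample data: hypothetical hosts and banners.
SAMPLE_INVENTORY = {
    "ns1.example": "BIND 9.3.4",
    "ns2.example": "BIND 9.3.4-P1",
    "resolver1.example": "9.1.3",
    "resolver2.example": "9.4.1-P1-vendor1",
    "ns3.example": "unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unlisted" or "unparsed" need manual review, since the advisory does not name those versions.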

Acknowledgment:

Amit Klein from Trusteer (www.trusteer.com) found this vulnerability.
