SecurityTracker: (HP Issues Patches for Tru64) BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > BIND

Vendors: ISC (Internet Software Consortium)

(HP Issues Patches for Tru64) BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks

SecurityTracker Alert ID: 1018638

SecurityTracker URL: http://securitytracker.com/id/1018638

CVE Reference: CVE-2007-2926 (Links to External Site)

Date: Aug 31 2007

Impact: Modification of system information

Fix Available: Yes Vendor Confirmed: Yes

Description: A vulnerability was reported in BIND. A remote user can conduct cache poisoning attacks.

The system generates query IDs that have a 1 out of 8 chance of being guessed for half of the query IDs. A remote user may be able to exploit this to conduct cache poisoning attacks.

Only outgoing queries are affected.

Amit Klein from Trusteer (www.trusteer.com) discovered this vulnerability.

Impact: A remote user can conduct cache poisoning attacks.

Solution: HP has issued the following patch kits [quoted].

HP Tru64 UNIX v 5.1B-4
Prerequisite: HP Tru64 UNIX v 5.1B-4 PK6 (BL27)
Name: T64KIT1001268-V51BB27-ES-20070806.tar
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001268-V51BB27-ES-20070806

HP Tru64 UNIX v 5.1B-3
Prerequisite: HP Tru64 UNIX v 5.1B-3 PK5 (BL26)
Name: T64KIT1001273-V51BB26-ES-20070809.tar
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001273-V51BB26-ES-20070809

HP Internet Express for Tru64 UNIX v 6.6
Note: Customers who use IX v 6.6 running BIND should install the HP Tru64 UNIX ERP kit appropriate for their supported operating system version

The fix is planned for inclusion in HP Tru64 UNIX v 5.1B-5 and HP Internet Express for Tru64 UNIX v 6.7.

The HP advisory is available at:

https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01154600

Vendor URL: www.isc.org/ (Links to External Site)

Cause: Randomization error

Underlying OS: UNIX (Tru64)

Message History: This archive entry is a follow-up to the message listed below.

BIND Generates Predictable Query IDs That May Facilitate Cache Poisoning Attacks

Source Message Contents

Date: Fri, 31 Aug 2007 11:09:00 -0400
Subject: HPSBTU02256 SSRT071449 rev.1 - HP Tru64 UNIX or HP Tru64 Internet Express running BIND, Remote DNS Cache Poisoning



https://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c01154600

CVE-2007-2926

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC