ISC BIND 8 Security Advisory
ISC Customer Support
sue_graves at isc.org
Mon Aug 27 19:38:29 UTC 2007
The CERT reference for this vulnerability and advisory is: CVE-2007-2930
VU#927905
Versions affected:
BIND 8.x.x (all versions)
I. Description
ISC (Internet Systems Consortium) BIND 8 generates cryptographically
weak DNS query IDs which could allow a remote attacker to poison DNS
caches.
This bug only affects outgoing queries, generated by BIND 8 to answer
questions as a resolver, or when it is looking up data for internal
uses, such as when sending NOTIFYs to slave name servers.
More information about the bind-announce
mailing list