ISC BIND 8 Security Advisory

ISC Customer Support sue_graves at isc.org
Mon Aug 27 19:38:29 UTC 2007


The CERT reference for this vulnerability and advisory is: CVE-2007-2930
VU#927905

Versions affected:
	BIND 8.x.x (all versions)

I. Description

ISC (Internet Systems Consortium) BIND 8 generates cryptographically
weak DNS query IDs which could allow a remote attacker to poison DNS
caches.

This bug only affects outgoing queries, generated by BIND 8 to answer
questions as a resolver, or when it is looking up data for internal
uses, such as when sending NOTIFYs to slave name servers.



More information about the bind-announce mailing list