ISC BIND 8 Security Advisory

ISC Customer Support sue_graves at
Mon Aug 27 19:38:29 UTC 2007

The CERT reference for this vulnerability and advisory is: CVE-2007-2930

Versions affected:
	BIND 8.x.x (all versions)

I. Description

ISC (Internet Systems Consortium) BIND 8 generates cryptographically
weak DNS query IDs which could allow a remote attacker to poison DNS

This bug only affects outgoing queries, generated by BIND 8 to answer
questions as a resolver, or when it is looking up data for internal
uses, such as when sending NOTIFYs to slave name servers.

More information about the bind-announce mailing list