No subject
Fri Feb 17 00:32:05 UTC 2012
"The DNS query id generation is vulnerable to analysis which provides a
high chance of guessing the next query id. This can be used to perform
cache poisoning by an attacker."
All users are encouraged to upgrade.
II. Impact
A remote attacker could predict DNS query IDs and respond with arbitrary
answers, thus poisoning DNS caches.
III. Solution
Upgrade or Patch
This issue is addressed in ISC BIND 8.4.7-P1, available as a patch that
can be applied to BIND 8.4.7.
The more definitive solution is to upgrade to BIND 9. BIND 8 is being
declared "end of life" by ISC due to multiple architectural issues.
Please see ISC's website at www.isc.org/sw/bind/bind8-eol.php for
additional information and tools.
Note that BIND 8.x.x is End of Life as of August 2007.
Users who obtain BIND 8 from their operating system vendor should see
the systems affected portion of this document for a partial list of
affected vendors.
Acknowledgments
Thanks to Amit Klein from Trusteer (www.trusteer.com) for
reporting this.