Home > Vulnerability Database > CVE-2007-2926

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-2926

Date: July 24, 2007

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

Severity Score

3.7

Related Resources (69)

Url: http://docs.info.apple.com/article.html?artnum=307041

Url: http://secunia.com/advisories/26152

Url: http://www.redhat.com/support/errata/RHSA-2007-0740.html

Url: http://www.securitytracker.com/id?1018442

Url: http://secunia.com/advisories/26195

Url: http://www.trustix.org/errata/2007/0023/

Url: ftp://aix.software.ibm.com/aix/efixes/security/README

Url: http://www.vupen.com/english/advisories/2007/3242

Url: http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

Url: http://www.isc.org/index.pl?/sw/bind/bind-security.php

Url: http://www.securityfocus.com/archive/1/474545/100/0/threaded

Url: http://www.securiteam.com/securitynews/5VP0L0UM0A.html

Url: http://secunia.com/advisories/26308

Url: http://marc.info/?l=bugtraq&m=141879471518471&w=2

Url: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385

Url: http://secunia.com/advisories/26509

Url: http://www.vupen.com/english/advisories/2007/2627

Url: http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/35575

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2226

Url: http://secunia.com/advisories/26227

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368

Url: http://secunia.com/advisories/26148

Url: http://secunia.com/advisories/26160

Url: ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc

Url: http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10293

Url: http://www.vupen.com/english/advisories/2007/2782

Url: http://www.vupen.com/english/advisories/2007/2662

Url: http://www.vupen.com/english/advisories/2007/3868

Url: http://www.vupen.com/english/advisories/2007/2932

Url: http://secunia.com/advisories/26515

Url: http://www.us-cert.gov/cas/techalerts/TA07-319A.html

Url: http://secunia.com/advisories/26231

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600

Url: http://secunia.com/advisories/26236

Url: http://secunia.com/advisories/27643

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1

Url: https://issues.rpath.com/browse/RPL-1587

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-2926

Url: http://www.debian.org/security/2007/dsa-1341

Url: http://secunia.com/advisories/26847

Url: http://secunia.com/advisories/26605

Url: http://www.securityfocus.com/archive/1/474856/100/0/threaded

Url: http://www.novell.com/linux/security/advisories/2007_47_bind.html

Url: http://secunia.com/advisories/26607

Url: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903

Url: http://secunia.com/advisories/26925

Url: http://www.securityfocus.com/archive/1/474808/100/0/threaded

Url: http://www.securityfocus.com/archive/1/474516/100/0/threaded

Url: http://www.trusteer.com/docs/bind9dns_s.html

Url: http://secunia.com/advisories/26180

Url: http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc

Url: http://www.trusteer.com/docs/bind9dns.html

Url: http://www.securityfocus.com/bid/25037

Url: http://secunia.com/advisories/26261

Url: http://www.ubuntu.com/usn/usn-491-1

Url: http://www.securityfocus.com/bid/26444

Url: http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html

Url: http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:149

Url: http://www.kb.cert.org/vuls/id/252735

Url: http://secunia.com/advisories/26217

Url: http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml

Url: http://www.vupen.com/english/advisories/2007/2914

Url: http://secunia.com/advisories/26531

Url: http://secunia.com/advisories/26330

Url: https://www.mend.io/vulnerability-database/CVE-2007-2926

Severity Score

3.7

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us