Date: 28 August 2007
References: ESB-2007.0702 ESB-2007.0709 ESB-2007.0940
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2007.0645 -- [UNIX/Linux]
BIND 8: cryptographically weak DNS query IDs
28 August 2007
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BIND 8
Publisher: Internet Systems Consortium
Operating System: UNIX variants (UNIX, Linux, OSX)
Impact: Provide Misleading Information
Access: Remote/Unauthenticated
CVE Names: CVE-2007-2930
Original Bulletin: http://www.isc.org/sw/bind/bind8-eol.php
Comment: Please note that BIND 8 has reached end of life and therefore will
have no further updates.
- --------------------------BEGIN INCLUDED TEXT--------------------
Internet Systems Consortium Security Advisory.
BIND 8: cryptographically weak DNS query IDs
27 August 2007
The CERT reference for this vulnerability and advisory is: CVE-2007-2930
VU#927905
Versions affected:
BIND 8.x.x (all versions)
I. Description
ISC (Internet Systems Consortium) BIND 8 generates cryptographically
weak DNS query IDs which could allow a remote attacker to poison DNS
caches.
This bug only affects outgoing queries, generated by BIND 8 to answer
questions as a resolver, or when it is looking up data for internal
uses, such as when sending NOTIFYs to slave name servers.
- From the ISC Bind security page:
"The DNS query id generation is vulnerable to analysis which provides a
high chance of guessing the next query id. This can be used to perform
cache poisoning by an attacker."
All users are encouraged to upgrade.
II. Impact
A remote attacker could predict DNS query IDs and respond with arbitrary
answers, thus poisoning DNS caches.
III. Solution
Upgrade or Patch
This issue is addressed in ISC BIND 8.4.7-P1, available as patch that
can be applied to BIND 8.4.7.
The more definitive solution is to upgrade to BIND 9. BIND 8 is being
declared "end of life" by ISC due to multiple architectural issues.
Please see ISC's website at www.isc.org/sw/bind/bind8-eol.php for
additional information and tools.
Note that BIND 8.x.x is End of Life as of August 2007.
Users who obtain BIND 8 from their operating system vendor should see
the systems affected portion of this document for a partial list of
affected vendors.
Acknowledgments
Thanks to Amit Klein from Trusteer (www.trusteer.com) for
reporting this.
__________________
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRtNexSh9+71yA2DNAQIpXwP8CKvdgMeMP+vKhpm53nW8OG6+EOt//MV2
rNwEqf+b62L05wbRndTe4bH+zONvk0YNPr5cSXUdJuTCWDT+Z+Sj4NlZCVSI7SvH
BM4/6Imoqea0udKT5tSgDvhtpcuANAjc2fyySXzp0O5xWqq5sHc0jCqNyQwpm4DH
I24zlayUgfc=
=7BqI
-----END PGP SIGNATURE-----
|