Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > July 2007 > 3275 - OpenPKG Bind Security Advisory

July 2007

3275 - OpenPKG Bind Security Advisory

ID: 3275
Date: 26 July 2007 12:17
Title: 3275 - OpenPKG Bind Security Advisory
Abstract: The default access control lists (acls) are not being correctly set, as a result, anyone can make recursive queries and/or query the cache contents. In addition, the DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker.
Vendors affected:OpenPKG
Applications affected:Bind
Warning Status: Imminent
Potential Damage: Remote execution/modification
Availability of fix: Available
Type of fix: Patch
Source: OpenPKG
Reliability of source: Trusted
Source URL: http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html
CVE: CVE-2007-2925, CVE-2007-2926

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2007.022
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2007.022
Advisory Published:      2007-07-25 12:18 UTC

Issue Id (internal):     OpenPKG-SI-20070725.01
Issue First Created:     2007-07-25
Issue Last Modified:     2007-07-25
Issue Revision:          04
____________________________________________________________________________

Subject Name:            bind
Subject Summary:         DNS Server
Subject Home:            http://www.isc.org/sw/bind/
Subject Versions:        9.* <= 9.4.1-P1

Vulnerability Id:        CVE-2007-2925, CVE-2007-2926
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           privilege escalation

Description:
    As confirmed [0] by the vendor, two vulnerabilities exist in the DNS
    server BIND [1]:
   
    1. The default access control lists (acls) are not being correctly
    set. If not set anyone can make recursive queries and/or query the
    cache contents.
   
    2. The DNS query id generation is vulnerable to cryptographic
    analysis which provides a 1 in 8 chance of guessing the next query
    id for 50% of the query ids. This can be used to perform cache
    poisoning by an attacker. This bug only affects outgoing queries,
    generated by BIND 9 to answer questions as a resolver, or when it is
    looking up data for internal uses, such as when sending NOTIFYs to
    slave name servers.

References:
    [0] http://www.isc.org/sw/bind/bind-security.php
    [1] http://www.isc.org/sw/bind/
____________________________________________________________________________

Primary Package Name:    bind
Primary Package Home:    http://openpkg.org/go/package/bind

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Community        CURRENT           bind-9.4.1p1-20070725
____________________________________________________________________________

For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFGpyOXZwQuyWG3rjQRAkOlAKDZBMOEXpV5uq4cuPJHtU27MiK0YACeJojc
DmLNgVHAAWQ9UtDuELHxFq8=
=wNTs
-----END PGP SIGNATURE-----


 

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |