List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] [Fwd: [SA26629] BIND 8 Predictable DNS Query IDs Vulnerability]

Prev Next

You are not authorized to post a reply.

Author

Messages

sbradcpa

Posts:496

08/28/2007 3:18 AM
..speaking of BIND.... -------- Original Message -------- Subject: [SA26629] BIND 8 Predictable DNS Query IDs Vulnerability Date: 28 Aug 2007 19:17:03 -0000 From: Secunia Security Advisories To: sbradcpa@pacbell.net ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: BIND 8 Predictable DNS Query IDs Vulnerability SECUNIA ADVISORY ID: SA26629 VERIFY ADVISORY: http://secunia.com/advisories/26629/ CRITICAL: Moderately critical IMPACT: Spoofing WHERE: >From remote SOFTWARE: ISC BIND 8.x.x http://secunia.com/product/76/ DESCRIPTION: Amit Klein has reported a vulnerability in BIND, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to predictable query IDs in outgoing queries (e.g. if BIND works as resolver or when sending NOTIFYs to slaves) and can be exploited to poison the DNS cache when the query ID is guessed. Reportedly, the probability to guess the next query ID is between 25% and 43%, depending on the handled DNS traffic. The vulnerability is reported in BIND 8.x versions prior to 8.4.7-P1. SOLUTION: Update to BIND 8.4.7-P1. NOTE: BIND 8.x has reached "End of Life". The vendor advises all users to upgrade to BIND 9.4.1-P1. PROVIDED AND/OR DISCOVERED BY: Amit Klein ORIGINAL ADVISORY: ISC: http://www.isc.org/index.pl?/sw/bind/bind8-eol.php Trusteer: http://www.trusteer.com/docs/bind8dns.html OTHER REFERENCES: US-CERT VU#927905: http://www.kb.cert.org/vuls/id/927905 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=sbradcpa%40pacbell.net ---------------------------------------------------------------------- List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx

brettlists User is Offline

Posts:2

08/29/2007 7:52 AM
Also may be of interest to some people, BIND 8 will be unsupported by ISC from later this year so better update to BIND 9. Brett (Ex BIND Support soon to become AD Support again) On 8/28/07, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote: ..speaking of BIND....-------- Original Message --------Subject:[SA26629] BIND 8 Predictable DNS Query IDs Vulnerability Date: 28 Aug 2007 19:17:03 -0000From: Secunia Security Advisories To: sbradcpa@pacbell.net ----------------------------------------------------------------------BETA test the new Secunia Personal Software Inspector!The Secunia PSI detects installed software on your computer andcategorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on softwareinstallations where more secure versions are available from thevendors.Download the free PSI BETA from the Secunia website: https://psi.secunia.com/----------------------------------------------------------------------TITLE:BIND 8 Predictable DNS Query IDs VulnerabilitySECUNIA ADVISORY ID:SA26629VERIFY ADVISORY: http://secunia.com/advisories/26629/CRITICAL:Moderately criticalIMPACT:SpoofingWHERE:>From remoteSOFTWARE:ISC BIND 8.x.xhttp://secunia.com/product/76/DESCRIPTION:Amit Klein has reported a vulnerability in BIND, which can beexploited by malicious people to poison the DNS cache. The vulnerability is caused due to predictable query IDs in outgoingqueries (e.g. if BIND works as resolver or when sending NOTIFYs toslaves) and can be exploited to poison the DNS cache when the query ID is guessed.Reportedly, the probability to guess the next query ID is between 25%and 43%, depending on the handled DNS traffic.The vulnerability is reported in BIND 8.x versions prior to 8.4.7-P1. SOLUTION:Update to BIND 8.4.7-P1.NOTE: BIND 8.x has reached "End of Life". The vendor advises allusers to upgrade to BIND 9.4.1-P1.PROVIDED AND/OR DISCOVERED BY:Amit Klein ORIGINAL ADVISORY:ISC:http://www.isc.org/index.pl?/sw/bind/bind8-eol.phpTrusteer:http://www.trusteer.com/docs/bind8dns.html OTHER REFERENCES:US-CERT VU#927905:http://www.kb.cert.org/vuls/id/927905---------------------------------------------------------------------- About:This Advisory was delivered by Secunia as a free service to helpeverybody keeping their systems up to date against the latestvulnerabilities.Subscribe: http://secunia.com/secunia_security_advisories/Definitions: (Criticality, Where etc.)http://secunia.com/about_secunia_advisories/Please Note: Secunia recommends that you verify all advisories you receive byclicking the link.Secunia NEVER sends attached files with advisories.Secunia does not advise people to install third party patches, onlyuse those supplied by the vendor. ----------------------------------------------------------------------Unsubscribe: Secunia Security Advisorieshttp://secunia.com/sec_adv_unsubscribe/?email=sbradcpa%40pacbell.net ----------------------------------------------------------------------List info : http://www.activedir.org/List.aspxList FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ma/default.aspx

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] [Fwd: [SA26629] BIND 8 Predictable DNS Query IDs Vulnerability]

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads