4.3

CVE-2007-2926

EPSS 15.04%
Veröffentlicht 24.07.2007 17:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 70

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Isc ≫ Bind Version9.0

Isc ≫ Bind Version9.1

Isc ≫ Bind Version9.2

Isc ≫ Bind Version9.3

Isc ≫ Bind Version9.4

Isc ≫ Bind Version9.5

Isc ≫ Bind Version9.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	15.04%	0.943

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://www.isc.org/index.pl?/sw/bind/bind-security.php

http://docs.info.apple.com/article.html?artnum=307041

http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

http://secunia.com/advisories/27643

http://www.securityfocus.com/bid/26444

http://www.us-cert.gov/cas/techalerts/TA07-319A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/3868

ftp://aix.software.ibm.com/aix/efixes/security/README

http://marc.info/?l=bugtraq&m=141879471518471&w=2

http://secunia.com/advisories/26231

http://www.trustix.org/errata/2007/0023/

http://secunia.com/advisories/26227

http://secunia.com/advisories/26236

http://secunia.com/advisories/26509

http://secunia.com/advisories/26515

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903

http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:149

http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html

http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385

http://www.vupen.com/english/advisories/2007/2914

ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01154600

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01174368

http://secunia.com/advisories/26148

http://secunia.com/advisories/26152

Vendor Advisory

http://secunia.com/advisories/26160

http://secunia.com/advisories/26180

http://secunia.com/advisories/26195

http://secunia.com/advisories/26217

http://secunia.com/advisories/26261

http://secunia.com/advisories/26308

http://secunia.com/advisories/26330

http://secunia.com/advisories/26531

http://secunia.com/advisories/26605

http://secunia.com/advisories/26607

http://secunia.com/advisories/26847

http://secunia.com/advisories/26925

http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1

http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm

http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02218&apar=only

http://www-1.ibm.com/support/search.wss?rs=0&q=IZ02219&apar=only

http://www.debian.org/security/2007/dsa-1341

http://www.kb.cert.org/vuls/id/252735

US Government Resource

http://www.novell.com/linux/security/advisories/2007_47_bind.html

http://www.redhat.com/support/errata/RHSA-2007-0740.html

http://www.securiteam.com/securitynews/5VP0L0UM0A.html

http://www.securityfocus.com/archive/1/474516/100/0/threaded

http://www.securityfocus.com/archive/1/474545/100/0/threaded

http://www.securityfocus.com/archive/1/474808/100/0/threaded

http://www.securityfocus.com/archive/1/474856/100/0/threaded

http://www.securityfocus.com/bid/25037

http://www.securitytracker.com/id?1018442

http://www.trusteer.com/docs/bind9dns.html

http://www.trusteer.com/docs/bind9dns_s.html

http://www.ubuntu.com/usn/usn-491-1

http://www.vupen.com/english/advisories/2007/2627

http://www.vupen.com/english/advisories/2007/2662

http://www.vupen.com/english/advisories/2007/2782

http://www.vupen.com/english/advisories/2007/2932

http://www.vupen.com/english/advisories/2007/3242

https://exchange.xforce.ibmcloud.com/vulnerabilities/35575

https://issues.rpath.com/browse/RPL-1587

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10293

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2226

https://nvd.nist.gov/vuln/detail/CVE-2007-2926

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2926

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2926

EUVD