CVE-2007-2926

Source
https://nvd.nist.gov/vuln/detail/CVE-2007-2926
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-2926.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2007-2926
Related
Published
2007-07-24T17:30:00Z
Modified
2024-09-11T02:00:05Z
Summary
[none]
Details

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

References

Affected packages

Debian:11 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.4.1-P1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.4.1-P1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / bind9

Package

Name
bind9
Purl
pkg:deb/debian/bind9?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.4.1-P1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}