CVE-2007-2930
ISC BIND 8 - Remote Cache Poisoning
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
Los algoritmos PRNG (1) NSID_SHUFFLE_ONLY y (2) NSID_USE_POOL en ISC BIND 8 anterior a 8.4.7-P1 generan identificadores de petición DNS predecibles cuando envían peticiones salientes tales como mensajes NOTIFY cuando responden preguntas como resolvedor, lo cual permite a atacantes remotos falsear las cachés DNS a través de vectores desconocido. NOTA: este problema es diferente de CVE-2007-2926.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-05-30 CVE Reserved
- 2007-08-27 First Exploit
- 2007-09-12 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (30)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/30535 | 2007-08-27 | |
https://www.exploit-db.com/exploits/30536 | 2007-08-27 |
URL | Date | SRC |
---|---|---|
http://www.ciac.org/ciac/bulletins/r-333.shtml | 2018-10-16 | |
http://www.isc.org/index.pl?/sw/bind/bind8-eol.php | 2018-10-16 | |
http://www.kb.cert.org/vuls/id/927905 | 2018-10-16 |