Thread-topic: [SA26629] BIND 8 Predictable DNS Query IDs Vulnerability
ïÂÒÁÔÉÔÅ ×ÎÉÍÁÎÉÅ ÎÁ ÆÒÁÚÕ - "BIND 8.x has reached "End of Life". The vendor
advises all users to upgrade to BIND 9.4.1-P1."
>
> TITLE:
> BIND 8 Predictable DNS Query IDs Vulnerability
>
> SECUNIA ADVISORY ID:
> SA26629
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/26629/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Spoofing
>
> WHERE:
> From remote
>
> SOFTWARE:
> ISC BIND 8.x.x
> http://secunia.com/product/76/
>
> DESCRIPTION:
> Amit Klein has reported a vulnerability in BIND, which can be
> exploited by malicious people to poison the DNS cache.
>
> The vulnerability is caused due to predictable query IDs in outgoing
> queries (e.g. if BIND works as resolver or when sending NOTIFYs to
> slaves) and can be exploited to poison the DNS cache when the query
> ID is guessed.
>
> Reportedly, the probability to guess the next query ID is between 25%
> and 43%, depending on the handled DNS traffic.
>
> The vulnerability is reported in BIND 8.x versions prior to 8.4.7-P1.
>
> SOLUTION:
> Update to BIND 8.4.7-P1.
>
> NOTE: BIND 8.x has reached "End of Life". The vendor advises all
> users to upgrade to BIND 9.4.1-P1.
>
> PROVIDED AND/OR DISCOVERED BY:
> Amit Klein
>
> ORIGINAL ADVISORY:
> ISC:
> http://www.isc.org/index.pl?/sw/bind/bind8-eol.php
>
> Trusteer:
> http://www.trusteer.com/docs/bind8dns.html
>
> OTHER REFERENCES:
> US-CERT VU#927905:
> http://www.kb.cert.org/vuls/id/927905
>