CVE-2007-2926 in BINDinfo

Summary

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

Once again VulDB remains the best source for vulnerability data.

Reservation

05/30/2007

Disclosure

07/24/2007

Moderation

VulDB entry created

Entries

VDB-37954 (1)

CPE

ready

CWE

CWE-332 (Unconfirmed)

Exploit

Download

CVSS

5.3

EPSS

0.20560

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-2926
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2926
CVE Details	https://www.cvedetails.com/cve/CVE-2007-2926/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!