PT-2007-7476 · Isc+3 · Liblwres9+11
Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2007-2926
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ISC BIND 9 versions through 9.5.0a5
libdns16 (affected versions not specified)
libdns22 (affected versions not specified)
libisccc0 (affected versions not specified)
libisccfg0 (affected versions not specified)
libisccfg1 (affected versions not specified)
liblwres1 (affected versions not specified)
liblwres9 (affected versions not specified)
nss lwres (affected versions not specified)
Description
This issue covers multiple vulnerabilities in various packages of the Debian GNU/Linux and openSUSE operating systems that can lead to a breach of the integrity of protected information. The vulnerabilities can be exploited remotely. Specifically, ISC BIND 9 uses a weak random number generator when generating DNS query IDs, which makes it easier for remote attackers to guess the next query ID and perform DNS cache poisoning.
Recommendations
For ISC BIND 9 versions through 9.5.0a5, update to a version that uses a secure random number generator.
For libdns16, consider disabling the package until a patch is available.
For libdns22, consider disabling the package until a patch is available.
For libisccc0, consider disabling the package until a patch is available.
For libisccfg0, consider disabling the package until a patch is available.
For libisccfg1, consider disabling the package until a patch is available.
For liblwres1, consider disabling the package until a patch is available.
For liblwres9, consider disabling the package until a patch is available.
For nss lwres, consider disabling the package until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Debian
Isc Bind 9
Red Hat
Libdns16
Libdns22
Libisccc0
Libisccfg0
Libisccfg1
Liblwres1
Liblwres9
Nss Lwres
Opensuse