Executive Summary

Information
Name: CVE-2007-2930
First vendor Publication: 2007-09-11
Vendor: Cve
Last vendor Modification: 2018-10-16

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Cvss Impact Score: 2.9
Cvss Exploit Score: 8.6
Attack Range: Network
Attack Complexity: Medium
Authentication: None Required

Detail

The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2930

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:2154
 
Oval ID: oval:org.mitre.oval:def:2154
Title: Security Vulnerability in BIND 8 May Allow Cache Poisoning Attack
Description: The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
Family: unix
Class: vulnerability
Reference(s): CVE-2007-2930
Version: 1
Platform(s): Sun Solaris 8, Sun Solaris 9
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type: Application
Count: 48

OpenVAS Exploits

Date: 2009-05-05
Name: HP-UX Update for BIND 8 HPSBUX02289
File: nvt/gb_hp_ux_HPSBUX02289.nasl

Open Source Vulnerability Database (OSVDB)

ID: 36796
Description: ISC BIND Outgoing Query Predictable DNS Query ID

Nessus® Vulnerability Scanner

Date: 2007-12-04
Name: The remote HP-UX host is missing a security-related patch.
File: hpux_PHNE_36185.nasl - Type: ACT_GATHER_INFO

Date: 2007-10-17
Name: The remote host is missing Sun Security Patch number 114265-23
File: solaris9_x86_114265.nasl - Type: ACT_GATHER_INFO

Date: 2007-09-25
Name: The remote host is missing Sun Security Patch number 112837-24
File: solaris9_112837.nasl - Type: ACT_GATHER_INFO

Date: 2004-07-12
Name: The remote host is missing Sun Security Patch number 109326-24
File: solaris8_109326.nasl - Type: ACT_GATHER_INFO

Date: 2004-07-12
Name: The remote host is missing Sun Security Patch number 109327-24
File: solaris8_x86_109327.nasl - Type: ACT_GATHER_INFO

Sources (Detail)

BID: http://www.securityfocus.com/bid/25459
BUGTRAQ: http://www.securityfocus.com/archive/1/477870/100/100/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/481424/100/0/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/481659/100/0/threaded
CERT-VN: http://www.kb.cert.org/vuls/id/927905
CIAC: http://www.ciac.org/ciac/bulletins/r-333.shtml
CONFIRM: http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm
CONFIRM: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968
CONFIRM: http://www.isc.org/index.pl?/sw/bind/bind8-eol.php
CONFIRM: http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf
CONFIRM: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&I...
HP: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837
MISC: http://www.trusteer.com/docs/bind8dns.html
SECTRACK: http://www.securitytracker.com/id?1018615
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103063-1
SUNALERT: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200859-1
VUPEN: http://www.vupen.com/english/advisories/2007/2991
VUPEN: http://www.vupen.com/english/advisories/2007/3192
VUPEN: http://www.vupen.com/english/advisories/2007/3639
VUPEN: http://www.vupen.com/english/advisories/2007/3668
VUPEN: http://www.vupen.com/english/advisories/2007/3936

Alert History

Date / Information
2019-03-16 12:01:44
  • Multiple Updates
2018-10-16 21:19:58
  • Multiple Updates
2017-10-11 09:23:59
  • Multiple Updates
2016-06-28 16:33:31
  • Multiple Updates
2016-04-26 16:11:39
  • Multiple Updates
2014-02-17 10:40:21
  • Multiple Updates
2013-05-11 10:27:10
  • Multiple Updates