Executive Summary
Summary | |
---|---|
Title | Sun Alert 103063 Security Vulnerability in BIND 8 May Allow Cache Poisoning Attack |
Informations | |||
---|---|---|---|
Name | SUN-103063 | First vendor Publication | 2007-09-18 |
Vendor | Sun | Last vendor Modification | 2007-10-15 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Solaris 9 Operating System, Solaris 8 Operating System A security vulnerability in BIND 8 may allow remote unprivileged users the ability to cause named(1M) to return incorrect addresses for Internet hosts, thereby redirecting end users to unintended hosts or services. This issue is also referenced in the following documents: CERT-US VU#927905 at http://www.kb.cert.org/vuls/id/927905 CVE-2007-2930 at http://www.security-database.com/detail.php?cve=CVE-2007-2930 Avoidance: Patch State: Resolved First released: 18-Sep-2007 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_103063_security_vulnerability |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:2154 | |||
Oval ID: | oval:org.mitre.oval:def:2154 | ||
Title: | Security Vulnerability in BIND 8 May Allow Cache Poisoning Attack | ||
Description: | The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2930 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-05-05 | Name : HP-UX Update for BIND 8 HPSBUX02289 File : nvt/gb_hp_ux_HPSBUX02289.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36796 | ISC BIND Outgoing Query Predictable DNS Query ID |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-12-04 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHNE_36185.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote host is missing Sun Security Patch number 114265-23 File : solaris9_x86_114265.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote host is missing Sun Security Patch number 112837-24 File : solaris9_112837.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 109326-24 File : solaris8_109326.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 109327-24 File : solaris8_x86_109327.nasl - Type : ACT_GATHER_INFO |