Security: ISC BIND 8 Security Advisory
Posted by: unix  Posted on: 2007-8-28 6:27:00 (328 hits)

Internet Systems Consortium Security Advisory.
BIND 8: cryptographically weak DNS query IDs
27 August 2007

The CERT reference for this vulnerability and advisory is: CVE-2007-2930
VU#927905

Versions affected:
BIND 8.x.x (all versions)

I. Description

ISC (Internet Systems Consortium) BIND 8 generates cryptographically
weak DNS query IDs which could allow a remote attacker to poison DNS
caches.

This bug only affects outgoing queries, generated by BIND 8 to answer
questions as a resolver, or when it is looking up data for internal
uses, such as when sending NOTIFYs to slave name servers.

From the ISC BIND security page:

"The DNS query id generation is vulnerable to analysis which provides a
high chance of guessing the next query id. This can be used to perform
cache poisoning by an attacker."

All users are encouraged to upgrade.


II. Impact

A remote attacker could predict DNS query IDs and respond with arbitrary
answers, thus poisoning DNS caches.
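
A resolver-side check for the condition described above, written as an added example (it is not part of the ISC advisory or of BIND): it counts responses that arrive for a still-outstanding query but carry the wrong query ID, which is what ID guessing looks like from the resolver. The event tuple format, the function name find_id_guessing and the threshold are assumptions; the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events, not real traffic. Each tuple is
# (time_s, kind, peer_ip, query_id, qname): "Q" = query sent by the
# resolver, "R" = response received claiming to come from peer_ip.
SAMPLE_EVENTS = [
    (0.000, "Q", "192.0.2.53", 0x1A2B, "www.example.com."),
    (0.004, "R", "192.0.2.53", 0x1A2C, "www.example.com."),
    (0.005, "R", "192.0.2.53", 0x1A2D, "www.example.com."),
    (0.006, "R", "192.0.2.53", 0x1A2E, "www.example.com."),
    (0.007, "R", "192.0.2.53", 0x1A2B, "www.example.com."),   # correct ID
    (1.000, "Q", "198.51.100.7", 0x0042, "mail.example.org."),
    (1.020, "R", "198.51.100.7", 0x0042, "mail.example.org."),  # correct ID
    (2.000, "R", "198.51.100.7", 0x9999, "mail.example.org."),  # nothing open
]


def find_id_guessing(events, threshold=3):
    """Return {(peer_ip, qname): count} for queries that drew at least
    `threshold` wrong-ID responses while they were still outstanding."""
    pending = {}                   # (peer_ip, qname) -> expected query ID
    mismatches = defaultdict(int)  # (peer_ip, qname) -> wrong-ID responses
    for _time, kind, peer, qid, qname in sorted(events, key=lambda e: e[0]):
        key = (peer, qname.lower())          # DNS names are case-insensitive
        if kind == "Q":
            pending[key] = qid
        elif key in pending:
            if qid == pending[key]:
                del pending[key]             # answered; stop tracking
            else:
                mismatches[key] += 1         # plausible sender, wrong ID
        # A response with no open query is dropped and not counted here.
    return {k: n for k, n in mismatches.items() if n >= threshold}


if __name__ == "__main__":
    for (peer, qname), count in find_id_guessing(SAMPLE_EVENTS).items():
        print(f"ALERT {qname} via {peer}: {count} wrong-ID responses")
```

A check like this only surfaces guessing attempts; the fix remains the upgrade or patch described under Solution.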

III. Solution

Upgrade or Patch

This issue is addressed in ISC BIND 8.4.7-P1, available as a patch that
can be applied to BIND 8.4.7.

The more definitive solution is to upgrade to BIND 9. BIND 8 is being
declared "end of life" by ISC due to multiple architectural issues.
Please see ISC's website at www.isc.org/sw/bind/bind8-eol.php for
additional information and tools.

Note that BIND 8.x.x is End of Life as of August 2007.

Users who obtain BIND 8 from their operating system vendor should see
the systems affected portion of this document for a partial list of
affected vendors.

Acknowledgments

Thanks to Amit Klein from Trusteer (www.trusteer.com) for
reporting this.