[Bug 295040] New: bind 9.3.2 Remote Cache Poisoning Vulnerability
https://bugzilla.novell.com/show_bug.cgi?id=295040 Summary: bind 9.3.2 Remote Cache Poisoning Vulnerability Product: openSUSE 10.2 Version: Final Platform: All URL: http://www.trusteer.com/docs/bind9dns.html OS/Version: openSUSE 10.2 Status: NEW Keywords: security_vulnerability Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: bschumnn@fmp-berlin.de QAContact: qa@suse.de Found By: Other ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. I guess SuSE is vulnerable, too? http://www.trusteer.com/docs/bind9dns.html http://www.isc.org/index.pl?/sw/bind/bind-security.php http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2926 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=295040#c1 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #1 from Ludwig Nussel <lnussel@novell.com> 2007-07-27 03:11:57 MST --- yes. updates are in the works. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=295040#c1 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #1 from Ludwig Nussel <lnussel@novell.com> 2007-07-27 03:11:57 MST --- yes. updates are in the works. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com