CVE-2007-2930

N/A Unknown
Published: September 12, 2007 Modified: April 23, 2026
View on NVD

Description

The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837
Source: cret@cert.org
http://secunia.com/advisories/26629
Source: cret@cert.org
http://secunia.com/advisories/26858
Source: cret@cert.org
http://secunia.com/advisories/27433
Source: cret@cert.org
http://secunia.com/advisories/27459
Source: cret@cert.org
http://secunia.com/advisories/27465
Source: cret@cert.org
http://secunia.com/advisories/27696
Source: cret@cert.org
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103063-1
Source: cret@cert.org
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200859-1
Source: cret@cert.org
http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm
Source: cret@cert.org
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968
Source: cret@cert.org
http://www.ciac.org/ciac/bulletins/r-333.shtml
Source: cret@cert.org
Patch
http://www.isc.org/index.pl?/sw/bind/bind8-eol.php
Source: cret@cert.org
Patch
http://www.kb.cert.org/vuls/id/927905
Source: cret@cert.org
Patch US Government Resource
http://www.securityfocus.com/archive/1/477870/100/100/threaded
Source: cret@cert.org
http://www.securityfocus.com/archive/1/481424/100/0/threaded
Source: cret@cert.org
http://www.securityfocus.com/archive/1/481659/100/0/threaded
Source: cret@cert.org
http://www.securityfocus.com/bid/25459
Source: cret@cert.org
http://www.securitytracker.com/id?1018615
Source: cret@cert.org
http://www.trusteer.com/docs/bind8dns.html
Source: cret@cert.org
http://www.vupen.com/english/advisories/2007/2991
Source: cret@cert.org
http://www.vupen.com/english/advisories/2007/3192
Source: cret@cert.org
http://www.vupen.com/english/advisories/2007/3639
Source: cret@cert.org
http://www.vupen.com/english/advisories/2007/3668
Source: cret@cert.org
http://www.vupen.com/english/advisories/2007/3936
Source: cret@cert.org
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf
Source: cret@cert.org
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975
Source: cret@cert.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2154
Source: cret@cert.org
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/26629
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/26858
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/27433
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/27459
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/27465
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/27696
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103063-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200859-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.avaya.com/elmodocs2/security/ASA-2007-448.htm
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=653968
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ciac.org/ciac/bulletins/r-333.shtml
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.isc.org/index.pl?/sw/bind/bind8-eol.php
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.kb.cert.org/vuls/id/927905
Source: af854a3a-2127-422b-91ae-364da2661108
Patch US Government Resource
http://www.securityfocus.com/archive/1/477870/100/100/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/481424/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/481659/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/25459
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1018615
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.trusteer.com/docs/bind8dns.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/2991
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/3192
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/3639
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/3668
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/3936
Source: af854a3a-2127-422b-91ae-364da2661108
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/43/022954-01.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3975
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2154
Source: af854a3a-2127-422b-91ae-364da2661108

56 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
7.6%
94th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

isc