[security-alerts] FW: [SA26152] BIND Predictable DNS Query IDs Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

В продолжение темы, так как информация представлена в более удобном виде.


> ----------------------------------------------------------------------
>
> TITLE:
> BIND Predictable DNS Query IDs Vulnerability
>
> SECUNIA ADVISORY ID:
> SA26152
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/26152/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Spoofing
>
> WHERE:
> From remote
>
> SOFTWARE:
> ISC BIND 9.4.x
> http://secunia.com/product/14101/
> ISC BIND 9.3.x
> http://secunia.com/product/4298/
> ISC BIND 9.2.x
> http://secunia.com/product/75/
>
> DESCRIPTION:
> Amit Klein has reported a vulnerability in BIND, which can be
> exploited by malicious people to poison the DNS cache.
>
> The vulnerability is caused due to predictable query IDs in outgoing
> queries (e.g. if BIND works as resolver or when sending NOTIFYs to
> slaves) and can be exploited to poison the DNS cache when the query
> ID is guessed.
>
> Reportedly, the chance to guess the next query ID for 50% of the
> queries (if the query ID is even) is 1 to 8.
>
> The vulnerability is reported in the following versions:
> * BIND 9.0 (all versions)
> * BIND 9.1 (all versions)
> * BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8
> * BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4
> * BIND 9.4.0, 9.4.1
> * BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5
>
> SOLUTION:
> Update to BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1.
>
> PROVIDED AND/OR DISCOVERED BY:
> Amit Klein
>
> ORIGINAL ADVISORY:
> ISC:
> http://www.isc.org/index.pl?/sw/bind/bind-security.php
>
> Tusteer:
> http://www.trusteer.com/docs/bind9dns_s.html
>