Severity: Unknown
Affected Package: bind
Summary: BIND predictable DNS query IDs enabling cache poisoning, fixed in 9.3.4p1
BIND was patched (equivalent to 9.3.4p1) to fix a weakness in the generation of DNS query IDs that made them predictable, enabling DNS cache poisoning/spoofing. The fix was applied to the 0.2 and 0.1 branches. This corresponds to FreeBSD-SA-07:07.bind (CVE-2007-2926); the related BIND ACL default issue CVE-2007-2925 was also addressed in 9.3.4p1.
No specific recommendations provided.
Aliases: CVE-2007-2926, CVE-2007-2925
Published: August 01, 2007
Last Modified: August 01, 2007