Mandriva Update For Bind MDKSA-2007:149 (bind) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The DNS query id generation code in BIND9 is vulnerable to cryptographic analysis which provides a 1-in-8 change of guessing the next query ID for 50% of the query IDs, which could be used by a remote attacker to perform cache poisoning by an attacker (CVE-2007-2926). As well, in BIND9 9.4.x, the default ACLs were note being correctly set, which could allow anyone to make recursive queries and/or query the cache contents (CVE-2007-2925). This update provides packages which are patched to prevent these issues.

Affected

bind on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-2925, CVE-2007-2926
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:048-2 (epiphany)
Mandrake Security Advisory MDVSA-2009:105 (memcached)
Mandrake Security Advisory MDVSA-2009:155 (git)
Mandrake Security Advisory MDVSA-2009:160 (ruby)
Mandrake Security Advisory MDVSA-2009:094 (mysql)

Mandriva Update for bind MDKSA-2007:149 (bind)

Take action and discover your vulnerabilities