SuSE Update For Bind, Bind9 SUSE-SA:2007:047 Network Vulnerability

Impact

DNS cache poisoning

Solution

Please Install the Updated Packages.

Insight

Amit Klein found that the random number generator used by the BIND name server to compute DNS query IDs generates predictable values. Remote attackers could exploit this flaw to conduct DNS cache poisoning attacks CVE-2007-2926.

Affected

bind, bind9 on SUSE LINUX 10.1, openSUSE 10.2, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1

References

http://www.novell.com/linux/security/advisories/2007_47_bind.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-2926
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

SLES10: Security update for Emacs
SLES10: Security update for openswan
SLES10: Security update for icu
SLES10: Security update for mailman
SLES10: Security update for libtiff

SuSE Update for bind, bind9 SUSE-SA:2007:047

Take action and discover your vulnerabilities