Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ISC BIND 8远程缓存破坏漏洞
Vulnerability Description
ISC BIND是美国Internet Systems Consortium(ISC)公司所维护的一套实现了DNS协议的开源软件。 BIND 8的事件ID生成算法(USE_POOL和SHUFFLE_ONLY算法)中存在漏洞,远程攻击者可能利用此漏洞恶意操作DNS记录。 通过观察同一DNS服务器的连续几个事件ID攻击者就可以预测出下一个值,一旦获得了下一个随机数,攻击者就可以控制DNS缓存数据,执行中间人之类的攻击。 BIND 8已于2007年8月27日到达了生命周期,今后也不会再提供升级,因此不再建议使用
CVSS Information
N/A
Vulnerability Type
N/A