[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CSIRTUK ADVISORY - 3275 - OpenPKG - Security Advisory BIND

To: csirtuk@xxxxxxxxxxxxxxx
Subject: CSIRTUK ADVISORY - 3275 - OpenPKG - Security Advisory BIND
From: infosec@xxxxxxxxxxx
Date: Fri, 27 Jul 2007 09:39:19 +0100 (BST)
Cc: interim@xxxxxxxxxxxxxxxxx
Delivered-to: mailing list interim@xxxxxxxxxxxxxxxxx
Delivered-to: moderator for interim@xxxxxxxxxxxxxxxxx
Importance: Normal
List-help: <mailto:interim-help@lists.cpni.gov.uk>
List-post: <mailto:interim@lists.cpni.gov.uk>
List-subscribe: <mailto:interim-subscribe@lists.cpni.gov.uk>
List-unsubscribe: <mailto:interim-unsubscribe@lists.cpni.gov.uk>
Mailing-list: contact interim-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: SquirrelMail/1.4.8

______________________________________________________________________________


CSIRTUK ADVISORY - 3275 dated 26.07.07 time 16:00

Centre for the Protection of National Infrastructure

______________________________________________________________________________

 Further details about CPNI, including information about our products can be

 found at www.cpni.gov.uk
______________________________________________________________________________

Title
=====
OpenPKG Bind Security Advisory

Detail
======

OpenPKG Bind Security Advisory
ID: 3275
Date: 26 July 2007 12:17

-------------------------------------------------------------------------------
Title: OpenPKG Bind Security Advisory

Abstract: The default access control lists (acls) are not being correctly set,
as a result, anyone can make recursive queries and/or query the cache
contents. In addition, the DNS query id generation is vulnerable to
cryptographic analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform cache poisoning
by an attacker.

Vendors affected:OpenPKG
Applications affected:Bind
Advisory type: Information
Warning Status: Information only
Potential Damage: Remote unauthorised modification
Availability of fix: Available
Type of fix: Patch
Source: OpenPKG
Reliability of source: Trusted
Source URL: http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html
CVE: CVE-2007-2925, CVE-2007-2926

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2007.022
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2007.022
Advisory Published:      2007-07-25 12:18 UTC

Issue Id (internal):     OpenPKG-SI-20070725.01
Issue First Created:     2007-07-25
Issue Last Modified:     2007-07-25
Issue Revision:          04
____________________________________________________________________________

Subject Name:            bind
Subject Summary:         DNS Server
Subject Home:            http://www.isc.org/sw/bind/
Subject Versions:        9.* <= 9.4.1-P1

Vulnerability Id:        CVE-2007-2925, CVE-2007-2926
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           privilege escalation

Description:
    As confirmed [0] by the vendor, two vulnerabilities exist in the DNS
    server BIND [1]:

    1. The default access control lists (acls) are not being correctly
    set. If not set anyone can make recursive queries and/or query the
    cache contents.

    2. The DNS query id generation is vulnerable to cryptographic
    analysis which provides a 1 in 8 chance of guessing the next query
    id for 50% of the query ids. This can be used to perform cache
    poisoning by an attacker. This bug only affects outgoing queries,
    generated by BIND 9 to answer questions as a resolver, or when it is
    looking up data for internal uses, such as when sending NOTIFYs to
    slave name servers.

References:
    [0] http://www.isc.org/sw/bind/bind-security.php
    [1] http://www.isc.org/sw/bind/
____________________________________________________________________________

Primary Package Name:    bind
Primary Package Home:    http://openpkg.org/go/package/bind

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Community        CURRENT           bind-9.4.1p1-20070725
____________________________________________________________________________

For security reasons, this document was digitally signed with the OpenPGP
public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download
from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFGpyOXZwQuyWG3rjQRAkOlAKDZBMOEXpV5uq4cuPJHtU27MiK0YACeJojc
DmLNgVHAAWQ9UtDuELHxFq8=
=wNTs
-----END PGP SIGNATURE-----

______________________________________________________________________________

CPNI values your feedback.

1. Which of the following most reflects the value of the advisory to you?
(Place an 'X' next to your choice)

Very useful:__ Useful:__ Not useful:__

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our advisories?


Thank you for your contribution.
______________________________________________________________________________

For additional information or assistance, please contact our help desk by
telephone.

You may send Not Protectively Marked information via e-mail to
csirtuk@xxxxxxxxxxxxxxxx

Office hours:

Mon - Fri: 09:00 - 16:30 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749

On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts

______________________________________________________________________________

This advisory contains information released by the original author. Some of
the information may have changed since it was released. If the issue affects
you, it may be prudent to retrieve the advisory from the site of the original
source to ensure that you receive the most current information concerning that
problem. Reference to any specific commercial product, process, or service by
trade name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be
used for advertising or product endorsement purposes. CPNI shall not accept
responsibility for any errors or omissions contained within this advisory. In
particular, they shall not be liable for any loss or damage whatsoever,
arising from or in connection with the usage of information contained within
this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response Teams
(IRTs) in order to foster cooperation and coordination in incident prevention,
to prompt rapid reaction to incidents, and to promote information sharing
amongst its members and the community at large.
______________________________________________________________________________

<End of CSIRTUK Advisory>






______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

Prev by Date: CSIRTUK ADVISORY - 3279 - CA - Security Advisories
Next by Date: CSIRTUK ADVISORY - 3274 - Red Hat - Security Advisories concerning Seamonkey, Thunderbird, Firefox, Bind
Previous by thread: CSIRTUK ADVISORY - 3279 - CA - Security Advisories
Next by thread: CSIRTUK ADVISORY - 3274 - Red Hat - Security Advisories concerning Seamonkey, Thunderbird, Firefox, Bind
Index(es):
- Date
- Thread