exploits , vulnerabilities , articles , ISC BIND 8 Remote Cache Poisoning Vulnerability

Title	ISC BIND 8 Remote Cache Poisoning Vulnerability
Published	2007-08-27-12:00AM
Updated	2008-01-09-09:49PM
Class	Design Error
CVE	CVE-2007-2930
Remote	Yes
Local	No
Credit	Amit Klein discovered this vulnerability.
Vulnerable	Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8 Nortel Networks Business Communications Manager 3.0 Nortel Networks Business Communications Manager 2.0 Nortel Networks BCM 400 Nortel Networks BCM 200 Nortel Networks BCM 1000 ISC BIND 8.4.7 ISC BIND 8.4.6 ISC BIND 8.4.5 ISC BIND 8.4.4 ISC BIND 8.4.3 ISC BIND 8.4.2 ISC BIND 8.4.1 ISC BIND 8.4 ISC BIND 8.3.7 ISC BIND 8.3.6 ISC BIND 8.3.5 ISC BIND 8.3.4 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 S.u.S.E. Linux Personal 8.2 ISC BIND 8.3.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.0 Debian Linux 3.0 FreeBSD FreeBSD 4.7 RELEASE FreeBSD FreeBSD 4.7 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Single Network Firewall 7.2 OpenPKG OpenPKG 1.1 OpenPKG OpenPKG Current ISC BIND 8.3.2 FreeBSD FreeBSD 4.6 RELEASE FreeBSD FreeBSD 4.6 ISC BIND 8.3.1 ISC BIND 8.3 .0 ISC BIND 8.2.7 ISC BIND 8.2.6 Conectiva Linux 6.0 OpenPKG OpenPKG 1.0 Trustix Secure Linux 1.5 Trustix Secure Linux 1.2 ISC BIND 8.2.5 OpenPKG OpenPKG 1.0 Trustix Secure Linux 1.5 ISC BIND 8.2.4 S.u.S.E. Linux 8.1 S.u.S.E. Linux 8.0 S.u.S.E. Linux 7.3 sparc S.u.S.E. Linux 7.3 ppc S.u.S.E. Linux 7.3 Trustix Secure Linux 1.2 ISC BIND 8.2.3 Beta ISC BIND 8.2.3 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Server 3.1 Caldera OpenLinux Workstation 3.1.1 Caldera OpenLinux Workstation 3.1 Debian Linux 2.2 EnGarde Secure Linux 1.0.1 Immunix Immunix OS 7 ISC BIND 8.2.2 p7 ISC BIND 8.2.2 p6 ISC BIND 8.2.2 p5 Caldera OpenLinux Desktop 2.3 Caldera UnixWare 7.1.1 Conectiva Linux 6.0 Conectiva Linux 5.1 Conectiva Linux 5.0 Conectiva Linux 4.2 Conectiva Linux 4.1 Conectiva Linux 4.0 es Conectiva Linux 4.0 Debian Linux 2.3 sparc Debian Linux 2.3 powerpc Debian Linux 2.3 arm Debian Linux 2.3 alpha Debian Linux 2.3 68k Debian Linux 2.3 Debian Linux 2.2 sparc Debian Linux 2.2 powerpc Debian Linux 2.2 arm Debian Linux 2.2 alpha Debian Linux 2.2 68k Debian Linux 2.2 IBM AIX 4.3.3 IBM AIX 4.3.2 IBM AIX 4.3.1 IBM AIX 4.3 MandrakeSoft Corporate Server 1.0.1 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.0 MandrakeSoft Linux Mandrake 6.1 MandrakeSoft Linux Mandrake 6.0 MandrakeSoft Single Network Firewall 7.2 RedHat Linux 7.0 J sparc RedHat Linux 7.0 J i386 RedHat Linux 7.0 J alpha RedHat Linux 7.0 sparc RedHat Linux 7.0 i386 RedHat Linux 7.0 alpha RedHat Linux 6.2 E sparc RedHat Linux 6.2 E i386 RedHat Linux 6.2 E alpha RedHat Linux 6.2 sparc RedHat Linux 6.2 i386 RedHat Linux 6.2 alpha RedHat Linux 6.1 sparc RedHat Linux 6.1 i386 RedHat Linux 6.1 alpha RedHat Linux 6.0 sparc RedHat Linux 6.0 alpha RedHat Linux 6.0 RedHat Linux 5.2 sparc RedHat Linux 5.2 i386 RedHat Linux 5.2 alpha S.u.S.E. Linux 6.4 ppc S.u.S.E. Linux 6.4 alpha S.u.S.E. Linux 6.4 S.u.S.E. Linux 6.3 alpha S.u.S.E. Linux 6.3 S.u.S.E. Linux 6.2 S.u.S.E. Linux 6.1 alpha S.u.S.E. Linux 6.1 S.u.S.E. Linux 6.0 SCO eDesktop 2.4 SCO eServer 2.3 Trustix Trustix Secure Linux 1.1 Trustix Trustix Secure Linux 1.0 ISC BIND 8.2.2 p4 ISC BIND 8.2.2 p3 ISC BIND 8.2.2 p2 ISC BIND 8.2.2 p1 ISC BIND 8.2.2 ISC BIND 8.2.1 ISC BIND 8.2 Caldera OpenLinux 2.2 Caldera OpenLinux 1.3 Caldera UnixWare 7.1.1 IBM AIX 4.3.3 IBM AIX 4.3.2 IBM AIX 4.3.1 IBM AIX 4.3 RedHat Linux 6.1 i386 RedHat Linux 6.0 RedHat Linux 5.2 i386 RedHat Linux 5.1 RedHat Linux 5.0 RedHat Linux 4.2 RedHat Linux 4.1 RedHat Linux 4.0 Slackware Linux 4.0 IBM AIX 5.3 IBM AIX 5.2 HP HPUX B.11.11 Avaya Proactive Contact 0 Avaya Predictive Dialer (PDS) APC 3.0 Avaya Predictive Dialer 0 Avaya Interactive Response 1.3 Avaya Interactive Response 1.2.1 Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Avaya Interactive Response Avaya CMS Supervisor 0 Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 11.0 Avaya CMS Server 10.0 Avaya CMS Server 9.0 Avaya CMS Server 8.0 Avaya CMS Server 14.0 Avaya CMS Server 13.1
Not Vulnerable	Nortel Networks SRG200/400 1.5 Nortel Networks Business Communications Manager 4.0 ISC BIND 8.4.7 -P1
Code	The following exploit code is available: /data/vulnerabilities/exploits/25459-SHUFFLE_ONLY.pl /data/vulnerabilities/exploits/25459-USE_POOL.pl
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-15 TYPO3 Watchdog (aba_watchdog) Unspecified Information Disclosure Vulnerability
• 2009-12-15 PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
• 2009-12-15 PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
• 2009-12-15 IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities
• 2009-12-15 Sun Ray Server Software Desktop Session Handling Local Security Bypass Vulnerability
• 2009-12-15 Mozilla Firefox Sage Extension RSS Feeds Cross Domain Scripting Vulnerability
• 2009-12-15 Adobe Reader and Acrobat (CVE-2009-4324) Remote Code Execution Vulnerability
• 2009-12-14 Microsoft Protected Extensible Authentication Protocol Authentication Bypass Vulnerability
• 2009-12-14 Google Chrome DNS Pre-Fetching Proxy Cache Information Disclosure Vulnerability
• 2009-12-14 Oracle E-Business Suite Multiple Remote Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Tue, 15 Dec 2009 23:58:31 +0000