J-Security Center

Title: ISC BIND 8 Remote Cache Poisoning Vulnerability

Severity: MODERATE

Description:

A remote DNS cache-poisoning vulnerability affects BIND 8 because it fails to use secure DNS transaction IDs.

Specifically, the transaction IDs for DNS requests are predictable due to several weaknesses in its random-number generator.

BIND uses one of two different random-number generators, depending on the setting of the 'use-id-pool' configuration value.

The 'NSID_USE_POOL' algorithm is prone to a weakness that allows attackers to guess linear congruence coefficients once they have retrieved as few as three consecutive transaction IDs from the targeted server. This allows them to guess the next transaction ID with very little computation. The chances of a successful attack depend on the number of previous queries the server has performed since its startup.
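Why three consecutive IDs are enough when a generator is linear congruential, written as an audit check for IDs captured from a resolver you operate. This is an added example, not code from this advisory or from BIND; it assumes a simplified single-generator model x[n+1] = (a*x[n] + c) mod 2^16, and the constants and sample IDs are constructed.

```python
import secrets

M = 1 << 16  # DNS transaction IDs are 16 bits wide


def fit_lcg(ids):
    """Solve x[n+1] = (a*x[n] + c) mod 2**16 from the first usable triple."""
    for x0, x1, x2 in zip(ids, ids[1:], ids[2:]):
        d = (x1 - x0) % M
        if d % 2:  # only odd differences are invertible mod 2**16
            a = ((x2 - x1) * pow(d, -1, M)) % M
            return a, (x1 - a * x0) % M
    return None


def audit(ids):
    """Report whether one (a, c) pair explains every observed step."""
    coeffs = fit_lcg(ids)
    steps = list(zip(ids, ids[1:]))
    if coeffs is None or len(steps) < 3:
        return {"predictable": False, "coeffs": coeffs, "explained": 0}
    a, c = coeffs
    explained = sum((a * x + c) % M == y for x, y in steps)
    # Two steps always fit (they defined a and c); the rest are the evidence.
    return {"predictable": explained == len(steps),
            "coeffs": coeffs, "explained": explained}


def constructed_lcg_ids(seed, a, c, n):
    """Build sample IDs from the assumed model (constructed, not captured)."""
    ids = [seed % M]
    while len(ids) < n:
        ids.append((a * ids[-1] + c) % M)
    return ids


# Constructed samples: a weak sequence and one drawn from the OS CSPRNG.
WEAK_IDS = constructed_lcg_ids(seed=4660, a=25173, c=13849, n=8)
STRONG_IDS = [secrets.randbelow(M) for _ in range(8)]

if __name__ == "__main__":
    print("weak  :", audit(WEAK_IDS))
    print("strong:", audit(STRONG_IDS))
```

A `predictable` result of `True` on IDs taken from your own resolver's outbound queries means the sequence leaks its next value and the resolver should be replaced or upgraded.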

The 'NSID_SHUFFLE_ONLY' algorithm is prone to a weakness that allows attackers to predict transaction IDs once they have observed as few as five previous transaction IDs.

The probability of successfully exploiting these weaknesses ranges from 15% to 97%, with anywhere from several to several hundred guess attempts.

Exploiting this issue allows remote attackers to spoof DNS server replies, poisoning the server's cache.

Attackers may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

BIND versions 8.2.0 through 8.4.7 are vulnerable to this issue.

Affected Products:

  • Apple Mac OS X 10.1.0
  • Apple Mac OS X 10.1.1
  • Apple Mac OS X 10.1.2
  • Apple Mac OS X 10.1.3
  • Apple Mac OS X 10.1.4
  • Apple Mac OS X 10.1.5
  • Apple Mac OS X 10.2.0
  • Apple Mac OS X 10.2.1
  • Apple Mac OS X 10.2.2
  • Apple Mac OS X 10.2.3
  • Apple Mac OS X 10.2.4
  • Apple Mac OS X Server 10.0.0
  • Apple Mac OS X Server 10.2.0
  • Apple Mac OS X Server 10.2.1
  • Apple Mac OS X Server 10.2.2
  • Apple Mac OS X Server 10.2.3
  • Apple Mac OS X Server 10.2.4
  • Avaya CMS Server 10.0.0
  • Avaya CMS Server 11.0.0
  • Avaya CMS Server 12.0.0
  • Avaya CMS Server 13.0.0
  • Avaya CMS Server 13.1
  • Avaya CMS Server 14.0
  • Avaya CMS Server 8.0.0
  • Avaya CMS Server 9.0.0
  • Avaya CMS Supervisor
  • Avaya Interactive Response
  • Avaya Interactive Response 1.2.1
  • Avaya Interactive Response 1.3.0
  • Avaya Interactive Response 2.0
  • Avaya Interactive Response 3.0
  • Avaya Predictive Dialer
  • Avaya Predictive Dialer (PDS) APC 3.0
  • Avaya Proactive Contact
  • Caldera OpenLinux Desktop 2.3.0
  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Caldera UnixWare 7.1.1
  • Conectiva Linux 4.0.0
  • Conectiva Linux 4.0.0 es
  • Conectiva Linux 4.1.0
  • Conectiva Linux 4.2.0
  • Conectiva Linux 5.0.0
  • Conectiva Linux 5.1.0
  • Conectiva Linux 6.0.0
  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • Debian Linux 2.3.0
  • Debian Linux 2.3.0 68k
  • Debian Linux 2.3.0 alpha
  • Debian Linux 2.3.0 arm
  • Debian Linux 2.3.0 powerpc
  • Debian Linux 2.3.0 sparc
  • Debian Linux 3.0.0
  • EnGarde Secure Linux 1.0.1
  • FreeBSD FreeBSD 4.6.0
  • FreeBSD FreeBSD 4.6.0 -RELEASE
  • FreeBSD FreeBSD 4.7.0
  • FreeBSD FreeBSD 4.7.0 -RELEASE
  • HP HP-UX B.11.11
  • IBM AIX 4.3.0
  • IBM AIX 4.3.1
  • IBM AIX 4.3.2
  • IBM AIX 4.3.3
  • IBM AIX 5.2
  • IBM AIX 5.3
  • ISC BIND 8.2.0
  • ISC BIND 8.2.1
  • ISC BIND 8.2.2
  • ISC BIND 8.2.2 p1
  • ISC BIND 8.2.2 p2
  • ISC BIND 8.2.2 p3
  • ISC BIND 8.2.2 p4
  • ISC BIND 8.2.2 p5
  • ISC BIND 8.2.2 p6
  • ISC BIND 8.2.2 p7
  • ISC BIND 8.2.3
  • ISC BIND 8.2.3 Beta
  • ISC BIND 8.2.4
  • ISC BIND 8.2.5
  • ISC BIND 8.2.6
  • ISC BIND 8.2.7
  • ISC BIND 8.3.0 .0
  • ISC BIND 8.3.1
  • ISC BIND 8.3.2
  • ISC BIND 8.3.3
  • ISC BIND 8.3.4
  • ISC BIND 8.3.5
  • ISC BIND 8.3.6
  • ISC BIND 8.3.7
  • ISC BIND 8.4.0
  • ISC BIND 8.4.1
  • ISC BIND 8.4.2
  • ISC BIND 8.4.3
  • ISC BIND 8.4.4
  • ISC BIND 8.4.5
  • ISC BIND 8.4.6
  • ISC BIND 8.4.7
  • Immunix Immunix OS 7+
  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Linux Mandrake 6.0.0
  • MandrakeSoft Linux Mandrake 6.1.0
  • MandrakeSoft Linux Mandrake 7.0.0
  • MandrakeSoft Linux Mandrake 7.1.0
  • MandrakeSoft Linux Mandrake 7.2.0
  • MandrakeSoft Single Network Firewall 7.2.0
  • Nortel Networks BCM 1000
  • Nortel Networks BCM 200
  • Nortel Networks BCM 400
  • Nortel Networks Business Communications Manager 2.0
  • Nortel Networks Business Communications Manager 3.0
  • Nortel Networks Enterprise NMS
  • Nortel Networks Self-Service - CCSS7
  • Nortel Networks Self-Service MPS 100
  • Nortel Networks Self-Service MPS 1000
  • Nortel Networks Self-Service MPS 500
  • Nortel Networks Self-Service Peri Application
  • Nortel Networks Self-Service Speech Server
  • OpenPKG OpenPKG 1.0.0
  • OpenPKG OpenPKG 1.1.0
  • OpenPKG OpenPKG Current
  • RedHat Linux 5.2.0 alpha
  • RedHat Linux 5.2.0 i386
  • RedHat Linux 5.2.0 sparc
  • RedHat Linux 6.0.0
  • RedHat Linux 6.0.0 alpha
  • RedHat Linux 6.0.0 sparc
  • RedHat Linux 6.1.0 alpha
  • RedHat Linux 6.1.0 i386
  • RedHat Linux 6.1.0 sparc
  • RedHat Linux 6.2.0 E alpha
  • RedHat Linux 6.2.0 E i386
  • RedHat Linux 6.2.0 E sparc
  • RedHat Linux 6.2.0 alpha
  • RedHat Linux 6.2.0 i386
  • RedHat Linux 6.2.0 sparc
  • RedHat Linux 7.0.0 J alpha
  • RedHat Linux 7.0.0 J i386
  • RedHat Linux 7.0.0 J sparc
  • RedHat Linux 7.0.0 alpha
  • RedHat Linux 7.0.0 i386
  • RedHat Linux 7.0.0 sparc
  • S.u.S.E. Linux 6.0.0
  • S.u.S.E. Linux 6.1.0
  • S.u.S.E. Linux 6.1.0 alpha
  • S.u.S.E. Linux 6.2.0
  • S.u.S.E. Linux 6.3.0
  • S.u.S.E. Linux 6.3.0 alpha
  • S.u.S.E. Linux 6.4.0
  • S.u.S.E. Linux 6.4.0 alpha
  • S.u.S.E. Linux 6.4.0 ppc
  • S.u.S.E. Linux 7.3.0
  • S.u.S.E. Linux 7.3.0 ppc
  • S.u.S.E. Linux 7.3.0 sparc
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.1.0
  • S.u.S.E. Linux Personal 8.2.0
  • SCO eDesktop 2.4.0
  • SCO eServer 2.3.0
  • Sun Solaris 8
  • Sun Solaris 8_x86
  • Sun Solaris 9
  • Sun Solaris 9_x86
  • Trustix Secure Linux 1.1.0
  • Trustix Secure Linux 1.2.0
  • Trustix Secure Linux 1.5.0
  • Trustix Trustix Secure Linux 1.0.0
  • Trustix Trustix Secure Linux 1.1.0
