Date:  Fri, 27 Jul 2007 09:51:26 +0100
From:  "Keith Reynolds" <administration (at mark) cnx-solutions.com>
Subject:  [coba-e:10460] Re: Bind 9 security issue CVE-2007-2926
To:  coba-e (at mark) bluequartz.org
Message-Id:  <46A9C01E.30101.19F998@localhost>
In-Reply-To:  <007e01c7cfd9$cf49ed90$3701a8c0@user33b5201c50>
References:  <200707262109.22302.bq (at mark) solarspeed.net>
X-Mail-Count: 10460

Hi Blues,

Yes, echo that.

Thanks very much Michael for your ongoing support & commitment.

Rgds.

Keith Reynolds

Date sent:      	Fri, 27 Jul 2007 02:07:59 +0300
From:           	Arthur Sherman <arturs (at mark) netvision.net.il>
Send reply to:  	coba-e (at mark) bluequartz.org
Subject:        	[coba-e:10455] Re: Bind 9 security issue CVE-2007-2926
To:             	coba-e (at mark) bluequartz.org

Thanks for the heads up, Michael.

Much appreciated.


Best,

--
Arthur Sherman
 

> -----Original Message-----
> From: Michael Stauber [mailto:bq (at mark) solarspeed.net] 
> Sent: Thursday, July 26, 2007 10:09 PM
> To: Blue Quartz
> Subject: [coba-e:10452] Bind 9 security issue CVE-2007-2926
> 
> Hi all,
> 
> there is an updated Bind9 RPM on the CentOS + BlueQuartz YUM 
> repository. 
> 
> Anyone who is running a DNS server on his BlueQuartz should 
> urgently run "yum update" and install the updated Bind 9 RPM 
> - if your server hasn't already fetched it automatically last night.
> 
> The updated and therefore fixed Bind 9 RPMs have the following version
> numbers:
> 
> bind-utils-9.2.4-27.0.1.el4
> bind-libs-9.2.4-27.0.1.el4
> bind-9.2.4-27.0.1.el4
> bind-chroot-9.2.4-27.0.1.el4
> 
> More information on the problem:
> 
> http://isc.sans.org/diary.html?storyid=3181
> 
> The problem with the vulnerable Bind 9 is quite severe. 
> Basically an attacker can poison your DNS cache quite easily 
> and can therefore redirect traffic to other hosts than the 
> ones you (or your users) intended to go to. Turning off DNS 
> caching prevents this, but for many users this isn't an option.
> 
> Poisoning should usually be very difficult, because it should 
> be next to impossible to guess or interpolate the correct 
> 16-bit transaction ID, as there are more than 65000 
> different combinations possible.
> 
> However, the Bind programmers screwed up and an attacker just 
> has to do one query, check the transaction ID and interpolate 
> three of the 16 bits to guess the next valid transaction ID. 
> Three bits boils down to 10 possible combinations, so it can 
> be brute-forced easily.
> 
> --
> With best regards,
> 
> Michael Stauber
> http://www.solarspeed.net
> 
>
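To confirm a server actually picked up the fixed packages listed in the announcement above, the following added example (not part of the original thread or the BlueQuartz project) compares installed builds against `9.2.4-27.0.1.el4` using rpm's segment-wise ordering. It assumes input lines from `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' bind bind-libs bind-utils bind-chroot` and an unchanged epoch; the sample lines and the older build number are constructed.

```python
import re

FIXED = "9.2.4-27.0.1.el4"  # fixed version-release quoted in the announcement
PACKAGES = ("bind", "bind-libs", "bind-utils", "bind-chroot")


def rpmvercmp(a, b):
    """Classic rpm segment comparison: -1, 0 or 1 (no epoch, no '~' handling)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as numbers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def outdated(rpm_lines, fixed=FIXED):
    """Return {name: installed} for bind packages older than the fixed build."""
    stale = {}
    for line in rpm_lines:
        parts = line.split()
        if len(parts) != 2 or parts[0] not in PACKAGES:
            continue  # skips e.g. "package bind-chroot is not installed"
        name, installed = parts
        if rpmvercmp(installed, fixed) < 0:
            stale[name] = installed
    return stale


# Constructed sample of the rpm query output (not taken from a real host).
SAMPLE = [
    "bind 9.2.4-27.0.1.el4",
    "bind-libs 9.2.4-1.el4",
    "bind-utils 9.2.4-28.el4",
    "package bind-chroot is not installed",
]

if __name__ == "__main__":
    for name, ver in outdated(SAMPLE).items():
        print(f"{name} {ver} is older than {FIXED}: run 'yum update'")
```

A plain string or `sort -V` comparison is not a safe substitute here, because rpm ranks the numeric segment in `27.0.1.el4` above the alphabetic one in `27.el4`.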