exploits , vulnerabilities , articles , ISC BIND 8 Remote Cache Poisoning Vulnerability

Title	ISC BIND 8 Remote Cache Poisoning Vulnerability
Published	2007-08-27-12:00AM
Updated	2008-01-09-09:49PM
Class	Design Error
CVE	CVE-2007-2930
Remote	Yes
Local	No
Credit	Amit Klein discovered this vulnerability.
Vulnerable	Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8 Nortel Networks Business Communications Manager 3.0 Nortel Networks Business Communications Manager 2.0 Nortel Networks BCM 400 Nortel Networks BCM 200 Nortel Networks BCM 1000 ISC BIND 8.4.7 ISC BIND 8.4.6 ISC BIND 8.4.5 ISC BIND 8.4.4 ISC BIND 8.4.3 ISC BIND 8.4.2 ISC BIND 8.4.1 ISC BIND 8.4 ISC BIND 8.3.7 ISC BIND 8.3.6 ISC BIND 8.3.5 ISC BIND 8.3.4 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 S.u.S.E. Linux Personal 8.2 ISC BIND 8.3.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.0 Debian Linux 3.0 FreeBSD FreeBSD 4.7 RELEASE FreeBSD FreeBSD 4.7 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Single Network Firewall 7.2 OpenPKG OpenPKG 1.1 OpenPKG OpenPKG Current ISC BIND 8.3.2 FreeBSD FreeBSD 4.6 RELEASE FreeBSD FreeBSD 4.6 ISC BIND 8.3.1 ISC BIND 8.3 .0 ISC BIND 8.2.7 ISC BIND 8.2.6 Conectiva Linux 6.0 OpenPKG OpenPKG 1.0 Trustix Secure Linux 1.5 Trustix Secure Linux 1.2 ISC BIND 8.2.5 OpenPKG OpenPKG 1.0 Trustix Secure Linux 1.5 ISC BIND 8.2.4 S.u.S.E. Linux 8.1 S.u.S.E. Linux 8.0 S.u.S.E. Linux 7.3 sparc S.u.S.E. Linux 7.3 ppc S.u.S.E. Linux 7.3 Trustix Secure Linux 1.2 ISC BIND 8.2.3 Beta ISC BIND 8.2.3 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Server 3.1 Caldera OpenLinux Workstation 3.1.1 Caldera OpenLinux Workstation 3.1 Debian Linux 2.2 EnGarde Secure Linux 1.0.1 Immunix Immunix OS 7 ISC BIND 8.2.2 p7 ISC BIND 8.2.2 p6 ISC BIND 8.2.2 p5 Caldera OpenLinux Desktop 2.3 Caldera UnixWare 7.1.1 Conectiva Linux 6.0 Conectiva Linux 5.1 Conectiva Linux 5.0 Conectiva Linux 4.2 Conectiva Linux 4.1 Conectiva Linux 4.0 es Conectiva Linux 4.0 Debian Linux 2.3 sparc Debian Linux 2.3 powerpc Debian Linux 2.3 arm Debian Linux 2.3 alpha Debian Linux 2.3 68k Debian Linux 2.3 Debian Linux 2.2 sparc Debian Linux 2.2 powerpc Debian Linux 2.2 arm Debian Linux 2.2 alpha Debian Linux 2.2 68k Debian Linux 2.2 IBM AIX 4.3.3 IBM AIX 4.3.2 IBM AIX 4.3.1 IBM AIX 4.3 MandrakeSoft Corporate Server 1.0.1 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.0 MandrakeSoft Linux Mandrake 6.1 MandrakeSoft Linux Mandrake 6.0 MandrakeSoft Single Network Firewall 7.2 RedHat Linux 7.0 J sparc RedHat Linux 7.0 J i386 RedHat Linux 7.0 J alpha RedHat Linux 7.0 sparc RedHat Linux 7.0 i386 RedHat Linux 7.0 alpha RedHat Linux 6.2 E sparc RedHat Linux 6.2 E i386 RedHat Linux 6.2 E alpha RedHat Linux 6.2 sparc RedHat Linux 6.2 i386 RedHat Linux 6.2 alpha RedHat Linux 6.1 sparc RedHat Linux 6.1 i386 RedHat Linux 6.1 alpha RedHat Linux 6.0 sparc RedHat Linux 6.0 alpha RedHat Linux 6.0 RedHat Linux 5.2 sparc RedHat Linux 5.2 i386 RedHat Linux 5.2 alpha S.u.S.E. Linux 6.4 ppc S.u.S.E. Linux 6.4 alpha S.u.S.E. Linux 6.4 S.u.S.E. Linux 6.3 alpha S.u.S.E. Linux 6.3 S.u.S.E. Linux 6.2 S.u.S.E. Linux 6.1 alpha S.u.S.E. Linux 6.1 S.u.S.E. Linux 6.0 SCO eDesktop 2.4 SCO eServer 2.3 Trustix Trustix Secure Linux 1.1 Trustix Trustix Secure Linux 1.0 ISC BIND 8.2.2 p4 ISC BIND 8.2.2 p3 ISC BIND 8.2.2 p2 ISC BIND 8.2.2 p1 ISC BIND 8.2.2 ISC BIND 8.2.1 ISC BIND 8.2 Caldera OpenLinux 2.2 Caldera OpenLinux 1.3 Caldera UnixWare 7.1.1 IBM AIX 4.3.3 IBM AIX 4.3.2 IBM AIX 4.3.1 IBM AIX 4.3 RedHat Linux 6.1 i386 RedHat Linux 6.0 RedHat Linux 5.2 i386 RedHat Linux 5.1 RedHat Linux 5.0 RedHat Linux 4.2 RedHat Linux 4.1 RedHat Linux 4.0 Slackware Linux 4.0 IBM AIX 5.3 IBM AIX 5.2 HP HPUX B.11.11 Avaya Proactive Contact 0 Avaya Predictive Dialer (PDS) APC 3.0 Avaya Predictive Dialer 0 Avaya Interactive Response 1.3 Avaya Interactive Response 1.2.1 Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Avaya Interactive Response Avaya CMS Supervisor 0 Avaya CMS Server 13.0 Avaya CMS Server 12.0 Avaya CMS Server 11.0 Avaya CMS Server 10.0 Avaya CMS Server 9.0 Avaya CMS Server 8.0 Avaya CMS Server 14.0 Avaya CMS Server 13.1
Not Vulnerable	Nortel Networks SRG200/400 1.5 Nortel Networks Business Communications Manager 4.0 ISC BIND 8.4.7 -P1
Code	The following exploit code is available: /data/vulnerabilities/exploits/25459-SHUFFLE_ONLY.pl /data/vulnerabilities/exploits/25459-USE_POOL.pl
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-01 SystemImager Flamethrower Insecure Temporary File Creation Vulnerabilities
• 2008-12-01 Rumpus FTP Server Command Argument Remote Buffer Overflow Vulnerability
• 2008-12-01 Rumpus FTP Server HTTP Command Remote Denial of Service Vulnerability
• 2008-11-29 Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
• 2008-11-29 Venalsur Booking Centre Multiple Cross-Site Scripting Vulnerabilities
• 2008-11-28 ReVou Login SQL Injection Vulnerability
• 2008-11-28 Web Calendar System SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-11-28 SailPlanner Login SQL Injection Vulnerability
• 2008-11-28 Livio.net WEB Calendar Cross Site Scripting and Multiple SQL Injection Vulnerabilities
• 2008-11-28 Subtext Anchor Tags HTML Injection Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Tue, 02 Dec 2008 10:09:41 +0000