Nortel Response to Potential Vunerability VU#927905 - BIND 8 May Allow Cache Poisoning Attack
| Description: |
Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories On Aug 21, 2007, Internet Systems Consortium (ISC) announced a new vulnerability in BIND 8. Additionally, Sun Microsystems has released a patch to address this issue in Solaris. Some Nortel products may contain this software as a component. This bulletin provides per-product recommendations for the Nortel products which are potentially affected by these new vulnerabilities. See also: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103063-1 The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). Version 8 of the BIND software uses a weak algorithm to generate DNS query identifiers. This condition allows an attacker to reliably guess the next query ID, thereby allowing for DNS cache poisoning attacks. ISC states that this bug only affects outgoing queries, generated by BIND 8 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFY messages to slave name servers. |
| Type: |
Security Advisories |
| Number: |
2007008410, Rev 1 |
| Status: |
Retired |
| Date: |
2007-10-30 |
