ISC:
BIND 9: cryptographically weak query ids. [Added 2007.07.24]
CVE: CVE-2007-2926
Versions affected: BIND 9.0 (all versions)
BIND 9.1 (all versions)
BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8
BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4
BIND 9.4.0, 9.4.1
BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5
Severity: Medium
Exploitable: Remotely
Description:
The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next query
id for 50% of the query ids. This can be used to perform cache
poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data for
internal uses, such as when sending NOTIFYs to slave name servers.
All users are encouraged to upgrade.
Workaround:
None.
Fix:
Upgrade to BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 or BIND 9.5.0a6.
Amit Klein from Trusteer (www.trusteer.com) found this vulnerability.
Trusteer:
It is saddening to realize that 10-15 years after the dangers of predictable DNS transaction ID were discovered, still the leading DNS cache server does not incorporate strong transaction ID generation, particularly such one that is based on industrial grade cryptographic algorithms.
Measures to prevent DNS spoofing:
The DNS ID field is 16 bits wide, meaning that if full use is made of
all these bits, and if their contents are truly random, it will
require on average 32768 attempts to guess. Anecdotal evidence
suggests there are implementations utilising only 14 bits, meaning on
average 8192 attempts will suffice.
…
Given the above, a resolver MUST:
o Use a new random source port from its available range for each outgoing query
o Make full use of all 16 bits of the ID field
o Assure that its choices of port and ID cannot be predicted by an attacker having knowledge of its (pseudo-)random generator
o Take measures to prevent having multiple equivalent questions outstanding to any authoritative server
