icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

ISC BIND < 8.4.7-P1 Outgoing Query Predictable DNS Query ID

Low

Synopsis

The remote DNS server is vulnerable to a cache-poisoning attack.

Description

The remote host is running a version of BIND DNS Server prior to 8.4.7-P1. This version of BIND is vulnerable to a flaw that would allow cache poisoning. An attacker exploiting this flaw would need to be able to manipulate the vulnerable DNS server into contacting a malicious DNS server. Successful exploitation would lead to a cache-poisoning attack.

Solution

BIND 8 is no longer supported by ISC. Upgrade or patch according to vendor recommendations.