ISC BIND DNS Query ID Field Prediction Cache Poisoning (deprecated)

medium Nessus Network Monitor Plugin ID 4578


The remote DNS server is vulnerable to a cache-poisoning attack.


The remote host is running a version of the BIND DNS server that fails to randomize the UDP source port. This could allow an attacker to poison the DNS cache. With a poisoned cache, DNS clients can be directed to rogue sites, which greatly simplifies phishing attacks.


Many vendors build their DNS solution on top of BIND. Contact your specific DNS vendor for a fix. While the only true fix is to use DNSSEC, ISC has released patched versions of BIND that make it harder for attackers to spoof DNS answers. They do this by expanding the range of UDP ports from which queries are sent. The following versions of ISC BIND increase the range of utilized UDP ports: 9.5.0-P1, 9.5.1b1, 9.4.2-P1, 9.4.3b2, 9.3.5-P1.
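One way to confirm, after patching, that a resolver's outbound queries now leave from a wide range of UDP source ports, given the ports observed in a capture or at an authoritative server. This is an added example, not code from the plugin or from ISC; the function name, the thresholds and the sample port lists are constructed assumptions.

```python
import statistics

# Thresholds are assumptions for this illustration, not ISC or plugin values.
MIN_SAMPLES = 20            # fewer observations say little about the range
MIN_DISTINCT_RATIO = 0.9    # nearly every query should leave from a new port
MIN_STDEV = 3000            # spread expected when a wide port range is in use


def assess_source_ports(ports):
    """Rate the UDP source ports a resolver used for its outbound queries."""
    if len(ports) < MIN_SAMPLES:
        return {"verdict": "insufficient-data", "samples": len(ports)}
    distinct = len(set(ports))
    steps = {b - a for a, b in zip(ports, ports[1:])}
    stdev = statistics.pstdev(ports)
    if distinct == 1:
        verdict = "fixed-port"          # every query from the same port
    elif len(steps) == 1 and abs(next(iter(steps))) <= 16:
        verdict = "sequential"          # constant small increment
    elif distinct / len(ports) < MIN_DISTINCT_RATIO or stdev < MIN_STDEV:
        verdict = "narrow-range"        # ports reused or tightly clustered
    else:
        verdict = "wide-range"          # consistent with an expanded range
    return {"verdict": verdict, "samples": len(ports), "distinct": distinct,
            "span": max(ports) - min(ports), "stdev": round(stdev, 1)}


# Constructed samples: source ports in the order the queries were observed.
FIXED = [53] * 25
SEQUENTIAL = list(range(32768, 32793))
NARROW = [1024 + (i * 37) % 200 for i in range(25)]
WIDE = [51234, 10877, 60211, 33409, 2750, 47812, 19066, 58321, 8143,
        40990, 27615, 63502, 14288, 36077, 5521, 54876, 22340, 45109,
        11963, 61740, 30652, 7388, 49275, 17804, 38931]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("narrow", NARROW), ("wide", WIDE)]:
        print(name, assess_source_ports(sample))
```

A "wide-range" verdict shows only that the ports are spread out; it does not by itself prove they are unpredictable.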

Plugin Details

Severity: Medium

ID: 4578

Family: DNS Servers

Published: 8/18/2004

Updated: 3/6/2019

Risk Information


CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3.0

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:isc:bind

Reference Information

CVE: CVE-2008-1447

BID: 30131