Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2015-01604

Опубликовано: 01 янв. 2015
Источник: fstec
CVSS2: 4.3
EPSS Средний

Описание

Множественные уязвимости пакета libisc7 операционной системы Debian GNU/Linux, эксплуатация которых может привести к нарушению целостности защищаемой информации. Эксплуатация уязвимостей может быть осуществлена удаленно

Вендор

Сообщество свободного программного обеспечения

Наименование ПО

Debian GNU/Linux

Версия ПО

до 4 (Debian GNU/Linux)

Тип ПО

Операционная система

Операционные системы и аппаратные платформы

-

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4,3)

Возможные меры по устранению уязвимости

Проблема может быть решена обновлением операционной системы до следующих версий пакетов в зависимости от архитектуры:
Debian GNU/Linux 4:
ppc:
bind9 - 9.3.4-2etch1
bind9-host - 9.3.4-2etch1
dnsutils - 9.3.4-2etch1
libbind-dev - 9.3.4-2etch1
libbind9-0 - 9.3.4-2etch1
libdns22 - 9.3.4-2etch1
libisc11 - 9.3.4-2etch1
libisccc0 - 9.3.4-2etch1
libisccfg1 - 9.3.4-2etch1
liblwres9 - 9.3.4-2etch1
lwresd - 9.3.4-2etch1
s390x:
bind9 - 9.3.4-2etch1
bind9-host - 9.3.4-2etch1
dnsutils - 9.3.4-2etch1
libbind-dev - 9.3.4-2etch1
libbind9-0 - 9.3.4-2etch1
libdns22 - 9.3.4-2etch1
libisc11 - 9.3.4-2etch1
libisccc0 - 9.3.4-2etch1
libisccfg1 - 9.3.4-2etch1
liblwres9 - 9.3.4-2etch1
lwresd - 9.3.4-2etch1
i686:
bind9 - 9.3.4-2etch1
bind9-host - 9.3.4-2etch1
dnsutils - 9.3.4-2etch1
libbind-dev - 9.3.4-2etch1
libbind9-0 - 9.3.4-2etch1
libdns22 - 9.3.4-2etch1
libisc11 - 9.3.4-2etch1
libisccc0 - 9.3.4-2etch1
libisccfg1 - 9.3.4-2etch1
liblwres9 - 9.3.4-2etch1
lwresd - 9.3.4-2etch1
sparc:
bind9 - 9.3.4-2etch1
bind9-host - 9.3.4-2etch1
dnsutils - 9.3.4-2etch1
libbind-dev - 9.3.4-2etch1
libbind9-0 - 9.3.4-2etch1
libdns22 - 9.3.4-2etch1
libisc11 - 9.3.4-2etch1
libisccc0 - 9.3.4-2etch1
libisccfg1 - 9.3.4-2etch1
liblwres9 - 9.3.4-2etch1
lwresd - 9.3.4-2etch1
x86-64:
bind9 - 9.3.4-2etch1
bind9-host - 9.3.4-2etch1
dnsutils - 9.3.4-2etch1
libbind-dev - 9.3.4-2etch1
libbind9-0 - 9.3.4-2etch1
libdns22 - 9.3.4-2etch1
libisc11 - 9.3.4-2etch1
libisccc0 - 9.3.4-2etch1
libisccfg1 - 9.3.4-2etch1
liblwres9 - 9.3.4-2etch1
lwresd - 9.3.4-2etch1
ia64:
bind9 - 9.3.4-2etch1
bind9-host - 9.3.4-2etch1
dnsutils - 9.3.4-2etch1
libbind-dev - 9.3.4-2etch1
libbind9-0 - 9.3.4-2etch1
libdns22 - 9.3.4-2etch1
libisc11 - 9.3.4-2etch1
libisccc0 - 9.3.4-2etch1
libisccfg1 - 9.3.4-2etch1
liblwres9 - 9.3.4-2etch1
lwresd - 9.3.4-2etch1
alpha:
bind9 - 9.3.4-2etch1
bind9-host - 9.3.4-2etch1
dnsutils - 9.3.4-2etch1
libbind-dev - 9.3.4-2etch1
libbind9-0 - 9.3.4-2etch1
libdns22 - 9.3.4-2etch1
libisc11 - 9.3.4-2etch1
libisccc0 - 9.3.4-2etch1
libisccfg1 - 9.3.4-2etch1
liblwres9 - 9.3.4-2etch1
lwresd - 9.3.4-2etch1
noarch:
bind9-doc - 9.3.4-2etch1
mipsel:
bind9 - 9.3.4-2etch1
bind9-host - 9.3.4-2etch1
dnsutils - 9.3.4-2etch1
libbind-dev - 9.3.4-2etch1
libbind9-0 - 9.3.4-2etch1
libdns22 - 9.3.4-2etch1
libisc11 - 9.3.4-2etch1
libisccc0 - 9.3.4-2etch1
libisccfg1 - 9.3.4-2etch1
liblwres9 - 9.3.4-2etch1
lwresd - 9.3.4-2etch1
hppa:
bind9 - 9.3.4-2etch1
bind9-host - 9.3.4-2etch1
dnsutils - 9.3.4-2etch1
libbind-dev - 9.3.4-2etch1
libbind9-0 - 9.3.4-2etch1
libdns22 - 9.3.4-2etch1
libisc11 - 9.3.4-2etch1
libisccc0 - 9.3.4-2etch1
libisccfg1 - 9.3.4-2etch1
liblwres9 - 9.3.4-2etch1
lwresd - 9.3.4-2etch1
Debian GNU/Linux 3.1:
s390x:
bind9 - 9.2.4-1sarge3
bind9-host - 9.2.4-1sarge3
dnsutils - 9.2.4-1sarge3
libbind-dev - 9.2.4-1sarge3
libdns16 - 9.2.4-1sarge3
libisc7 - 9.2.4-1sarge3
libisccc0 - 9.2.4-1sarge3
libisccfg0 - 9.2.4-1sarge3
liblwres1 - 9.2.4-1sarge3
lwresd - 9.2.4-1sarge3
m68k:
bind9 - 9.2.4-1sarge3
bind9-host - 9.2.4-1sarge3
dnsutils - 9.2.4-1sarge3
libbind-dev - 9.2.4-1sarge3
libdns16 - 9.2.4-1sarge3
libisc7 - 9.2.4-1sarge3
libisccc0 - 9.2.4-1sarge3
libisccfg0 - 9.2.4-1sarge3
liblwres1 - 9.2.4-1sarge3
lwresd - 9.2.4-1sarge3
i686:
bind9 - 9.2.4-1sarge3
bind9-host - 9.2.4-1sarge3
dnsutils - 9.2.4-1sarge3
libbind-dev - 9.2.4-1sarge3
libdns16 - 9.2.4-1sarge3
libisc7 - 9.2.4-1sarge3
libisccc0 - 9.2.4-1sarge3
libisccfg0 - 9.2.4-1sarge3
liblwres1 - 9.2.4-1sarge3
lwresd - 9.2.4-1sarge3
sparc:
bind9 - 9.2.4-1sarge3
bind9-host - 9.2.4-1sarge3
dnsutils - 9.2.4-1sarge3
libbind-dev - 9.2.4-1sarge3
libdns16 - 9.2.4-1sarge3
libisc7 - 9.2.4-1sarge3
libisccc0 - 9.2.4-1sarge3
libisccfg0 - 9.2.4-1sarge3
liblwres1 - 9.2.4-1sarge3
lwresd - 9.2.4-1sarge3
x86-64:
bind9 - 9.2.4-1sarge3
bind9-host - 9.2.4-1sarge3
dnsutils - 9.2.4-1sarge3
libbind-dev - 9.2.4-1sarge3
libdns16 - 9.2.4-1sarge3
libisc7 - 9.2.4-1sarge3
libisccc0 - 9.2.4-1sarge3
libisccfg0 - 9.2.4-1sarge3
liblwres1 - 9.2.4-1sarge3
lwresd - 9.2.4-1sarge3
ia64:
bind9 - 9.2.4-1sarge3
bind9-host - 9.2.4-1sarge3
dnsutils - 9.2.4-1sarge3
libbind-dev - 9.2.4-1sarge3
libdns16 - 9.2.4-1sarge3
libisc7 - 9.2.4-1sarge3
libisccc0 - 9.2.4-1sarge3
libisccfg0 - 9.2.4-1sarge3
liblwres1 - 9.2.4-1sarge3
lwresd - 9.2.4-1sarge3
alpha:
bind9 - 9.2.4-1sarge3
bind9-host - 9.2.4-1sarge3
dnsutils - 9.2.4-1sarge3
libbind-dev - 9.2.4-1sarge3
libdns16 - 9.2.4-1sarge3
libisc7 - 9.2.4-1sarge3
libisccc0 - 9.2.4-1sarge3
libisccfg0 - 9.2.4-1sarge3
liblwres1 - 9.2.4-1sarge3
lwresd - 9.2.4-1sarge3
noarch:
bind9-doc - 9.2.4-1sarge3
mipsel:
bind9 - 9.2.4-1sarge3
bind9-host - 9.2.4-1sarge3
dnsutils - 9.2.4-1sarge3
libbind-dev - 9.2.4-1sarge3
libdns16 - 9.2.4-1sarge3
libisc7 - 9.2.4-1sarge3
libisccc0 - 9.2.4-1sarge3
libisccfg0 - 9.2.4-1sarge3
liblwres1 - 9.2.4-1sarge3
lwresd - 9.2.4-1sarge3
arm:
bind9 - 9.2.4-1sarge3
bind9-host - 9.2.4-1sarge3
dnsutils - 9.2.4-1sarge3
libbind-dev - 9.2.4-1sarge3
libdns16 - 9.2.4-1sarge3
libisc7 - 9.2.4-1sarge3
libisccc0 - 9.2.4-1sarge3
libisccfg0 - 9.2.4-1sarge3
liblwres1 - 9.2.4-1sarge3
lwresd - 9.2.4-1sarge3

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 94%
0.15044
Средний

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2007-2926

ubuntu
почти 18 лет назад

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

redhat логотип

CVE-2007-2926

redhat
почти 18 лет назад

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

nvd логотип

CVE-2007-2926

nvd
почти 18 лет назад

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

debian логотип

CVE-2007-2926

debian
почти 18 лет назад

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during ...

github логотип

GHSA-f6h8-pjrf-562j

github
около 3 лет назад

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

EPSS

Процентиль: 94%
0.15044
Средний

4.3 Medium

CVSS2