ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
Max CVSS
4.3
EPSS Score
11.07%
Published
2007-07-24
Updated
2018-10-30
The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
Max CVSS
5.8
EPSS Score
1.02%
Published
2007-07-24
Updated
2018-10-30
2 vulnerabilities found