Vulnerability CVE-2007-2925

Vulnerability Name:

CVE-2007-2925 (CCN-35571)

Assigned:

2007-07-24

Published:

2007-07-24

Updated:

2018-10-30

Summary:

The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2007-2925

Source: SECUNIA
Type: UNKNOWN
26227

Source: SECUNIA
Type: UNKNOWN
26236

Source: SECUNIA
Type: UNKNOWN
26509

Source: CCN
Type: SA26515
Nortel Products BIND Predictable DNS Query IDs Vulnerability

Source: SECUNIA
Type: UNKNOWN
26515

Source: CCN
Type: SECTRACK ID: 1018441
BIND Weak Default Access Control Lists Let Remote Users Make Recursive Queries or Query the Cache

Source: CONFIRM
Type: UNKNOWN
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903

Source: CCN
Type: Nortel Response to ISC:DNS
BIND 9 Vulnerabilities in Default ACL and Weak Query IDs

Source: CCN
Type: GLSA-200708-13
BIND: Weak random number generation

Source: GENTOO
Type: UNKNOWN
GLSA-200708-13

Source: CONFIRM
Type: UNKNOWN
http://www.isc.org/index.pl?/sw/bind/bind-security.php

Source: CCN
Type: Internet Software Consortium (ISC) Web site
BIND (Berkeley Internet Name Domain) page

Source: CCN
Type: US-CERT VU#187297
ISC BIND does not correctly set default access controls

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:149

Source: CCN
Type: OpenPKG-SA-2007.022
bind

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2007.022

Source: CCN
Type: OSVDB ID: 36236
ISC BIND allow-query-cache/allow-recursion ACL Bypass

Source: BID
Type: UNKNOWN
25076

Source: CCN
Type: BID-25076
ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018441

Source: SLACKWARE
Type: UNKNOWN
SSA:2007-207-01

Source: VUPEN
Type: UNKNOWN
ADV-2007-2628

Source: VUPEN
Type: UNKNOWN
ADV-2007-2914

Source: XF
Type: UNKNOWN
isc-bind-acl-security-bypass(35571)

Source: XF
Type: UNKNOWN
isc-bind-acl-security-bypass(35571)

Vulnerable Configuration:

Configuration 1:

cpe:/a:isc:bind:9.4.0:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.4.1:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:*:*:*:-:*:*:*

Configuration CCN 1:

cpe:/a:isc:bind:9.4.0:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.4.1:*:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a1:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a2:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a3:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a4:*:*:-:*:*:*

OR cpe:/a:isc:bind:9.5.0:a5:*:*:-:*:*:*

AND

cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:server:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20072925	V	CVE-2007-2925	2022-06-30
oval:org.opensuse.security:def:42277	P	Security update for tar (Moderate)	2022-05-05
oval:org.opensuse.security:def:112004	P	bind-9.16.20-1.4 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26219	P	Security update for apache2 (Important) (in QA)	2022-01-10
oval:org.opensuse.security:def:31751	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:33056	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:31709	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:32225	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:31304	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31704	P	Security update for samba (Important)	2021-11-19
oval:org.opensuse.security:def:26152	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:33017	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:105563	P	bind-9.16.20-1.4 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:26138	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:26129	P	Security update for gtk-vnc (Moderate)	2021-09-16
oval:org.opensuse.security:def:32169	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:26099	P	Security update for libsndfile (Critical)	2021-08-05
oval:org.opensuse.security:def:31660	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:32157	P	Security update for qemu (Important)	2021-07-29
oval:org.opensuse.security:def:31227	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:31647	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:31645	P	Security update for ovmf (Important)	2021-06-22
oval:org.opensuse.security:def:31212	P	Security update for ovmf (Important)	2021-06-22
oval:org.opensuse.security:def:36376	P	bind-devel-32bit-9.9.6P1-0.5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42500	P	bind-9.9.6P1-0.5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32113	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:26068	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:36093	P	bind-9.9.6P1-0.5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42080	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:26050	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:32091	P	Security update for python3 (Important)	2021-05-17
oval:org.opensuse.security:def:31153	P	Security update for xen (Important)	2021-04-19
oval:org.opensuse.security:def:31604	P	Security update for spamassassin (Important)	2021-04-12
oval:org.opensuse.security:def:31141	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31142	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31748	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:31359	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31361	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:32274	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31349	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:26196	P	Security update for ImageMagick (Moderate)	2021-02-19
oval:org.opensuse.security:def:31338	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:31337	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:26210	P	Security update for MozillaFirefox (Important)	2021-01-12
oval:org.opensuse.security:def:25984	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:32834	P	Security update for curl (Moderate)	2020-12-18
oval:org.opensuse.security:def:32013	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:31560	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:32003	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:35673	P	bind-9.6ESVR5P1-0.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41933	P	bind-9.5.0P2-20.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35870	P	bind-9.6ESVR7P4-0.10.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31559	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:35526	P	bind-9.5.0P2-20.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31080	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:25432	P	Security update for ibus (Important)	2020-12-01
oval:org.opensuse.security:def:26000	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25926	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25362	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:31947	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26374	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25624	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:26673	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26001	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:25503	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:32052	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:27056	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25762	P	Security update for Xerces-C (Moderate)	2020-12-01
oval:org.opensuse.security:def:25756	P	Security update for python, python-base, python-doc (Moderate)	2020-12-01
oval:org.opensuse.security:def:31814	P	Security update for apache2-mod_nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:25225	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:26502	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25809	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32491	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25642	P	Security update for blktrace (Low)	2020-12-01
oval:org.opensuse.security:def:31448	P	Security update for postgresql-init (Moderate)	2020-12-01
oval:org.opensuse.security:def:32795	P	t1lib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25300	P	Security update for dovecot22 (Important)	2020-12-01
oval:org.opensuse.security:def:31508	P	Security update for python27 (Important)	2020-12-01
oval:org.opensuse.security:def:26604	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26491	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:25654	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:31869	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:31807	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30995	P	Security update for jasper (Important)	2020-12-01
oval:org.opensuse.security:def:25509	P	Security update for libssh (Important)	2020-12-01
oval:org.opensuse.security:def:26657	P	LibVNCServer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25846	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25801	P	Security update for libvdpau (Moderate)	2020-12-01
oval:org.opensuse.security:def:31895	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:26869	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25077	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:25650	P	Security update for SDL (Moderate)	2020-12-01
oval:org.opensuse.security:def:27339	P	xterm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25903	P	Security update for util-linux (Important)	2020-12-01
oval:org.opensuse.security:def:31961	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:25089	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:26272	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:32335	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:25421	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31555	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25956	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32638	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25925	P	Security update for pcre (Moderate)	2020-12-01
oval:org.opensuse.security:def:25281	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:31595	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26360	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:25496	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:26638	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25937	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25419	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:26418	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:25705	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25707	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:31770	P	Security update for MozillaFirefox, mozilla-nss, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:25997	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27091	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25224	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:25795	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:32452	P	Security update for xerces-j2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31571	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:26267	P	Security update for xawtv (Moderate)	2020-12-01
oval:org.opensuse.security:def:25236	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:31451	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:26555	P	glib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25853	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25643	P	Security update for hunspell (Low)	2020-12-01
oval:org.opensuse.security:def:31777	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:30994	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:25428	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:31791	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26643	P	systemtap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26526	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25718	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31926	P	Recommended update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:31856	P	Security update for cups (Moderate)	2020-12-01
oval:org.opensuse.security:def:26834	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31006	P	Security update for java-1_6_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:25566	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:26701	P	ft2demos on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25927	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25854	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31917	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25078	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:32313	P	Security update for quagga (Important)	2020-12-01
oval:org.opensuse.security:def:27374	P	bind-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25420	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31423	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26351	P	Security update for mongodb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25942	P	Security update for gstreamer-0_10-plugins-bad (Moderate)	2020-12-01
oval:org.opensuse.security:def:32599	P	qt3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25153	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26321	P	Security update for kcoreaddons (Moderate)	2020-12-01
oval:org.opensuse.security:def:32379	P	Security update for tiff (Moderate)	2020-12-01

BACK