DEBIAN-CVE-2007-2926

DEBIAN-CVE-2007-2926 PUBLISHED

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

Affected Products

Vendor	Product	Versions
Debian:12	bind9	0, 0, 0
Debian:13	bind9	0, 0, 0
Debian:11	bind9	0, 0, 0
Debian:14	bind9	0, 0, 0

Timeline

Jul 24, 2007 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2007-2926 advisory

Open in Interactive Console →