Unrated severityNVD Advisory· Published Jul 24, 2007· Updated Apr 23, 2026

CVE-2007-2926

Description

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.

Affected products

Isc/Bind7 versions
cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
osv-coords
pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweed
Range: < 9.16.20-1.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.016
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000