View Full Version : USN-491-1: Bind vulnerability

July 25th, 2007, 07:20 PM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-491-1 July 25, 2007 bind9 vulnerability CVE-2007-2926 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libdns21 1:9.3.2-2ubuntu1.3 Ubuntu 6.10: libdns21 1:9.3.2-2ubuntu3.2 Ubuntu 7.04: libdns22 1:9.3.4-2ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A flaw was discovered in Bind's sequence number generator. A remote attacker could calculate future sequence numbers and send forged DNS query responses. This could lead to client connections being directed to attacker-controlled hosts, resulting in credential theft and other attacks.

More... (http://www.ubuntu.com/usn/usn-491-1)