{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"BIND 9.4.0, 9.4.1 ;","product":{"name":"BIND","vendor":{"name":"ISC","scada":false}}},{"description":"BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8 ;","product":{"name":"BIND","vendor":{"name":"ISC","scada":false}}},{"description":"BIND 9.1 (toutes versions) ;","product":{"name":"BIND","vendor":{"name":"ISC","scada":false}}},{"description":"BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4 ;","product":{"name":"BIND","vendor":{"name":"ISC","scada":false}}},{"description":"BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5.","product":{"name":"BIND","vendor":{"name":"ISC","scada":false}}},{"description":"BIND 9.0 (toutes versions) ;","product":{"name":"BIND","vendor":{"name":"ISC","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans BIND. La faille concerne le\ng\u00e9n\u00e9rateur d'identifiants de requ\u00eates, vuln\u00e9rable \u00e0 une cryptanalyse\npermettant une chance \u00e9lev\u00e9e de deviner le prochain identifiant pour la\nmoiti\u00e9 des requ\u00eates. Ceci peut \u00eatre exploit\u00e9 par une personne\nmalintentionn\u00e9e pour effectuer du cache poisoning et donc contourner la\npolitique de s\u00e9curit\u00e9.\n\nUne seconde vuln\u00e9rabilit\u00e9 concerne les listes de contr\u00f4le d'acc\u00e8s (ACL)\npar d\u00e9faut dans BIND. Elles ne prennent pas en compte la possibilit\u00e9 de\nfaire des requ\u00eates r\u00e9cursives ou d'interroger le cache.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2007-2926","url":"https://www.cve.org/CVERecord?id=CVE-2007-2926"},{"name":"CVE-2007-2925","url":"https://www.cve.org/CVERecord?id=CVE-2007-2925"},{"name":"CVE-2007-3377","url":"https://www.cve.org/CVERecord?id=CVE-2007-3377"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:047 du 01 ao\u00fbt 2007    :","url":"http://www.novell.com/linux/security/advisories/2007_47_bind.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-491-1 du 25 juillet 2007 :","url":"http://www.ubuntu.com/usn/usn-491-1"},{"title":"Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200708-13 du 18 ao\u00fbt 2007    :","url":"http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"},{"title":"Bulletin de s\u00e9curit\u00e9 FreeBSD FreeBSD-SA-07:07.bind du 01    ao\u00fbt 2007 :","url":"http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc"},{"title":"Bulletin de s\u00e9curit\u00e9 Debian DSA 1341-2 du 26juillet 2007 :","url":"http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00103.html"},{"title":"Page des mises \u00e0 jour Nortel :","url":"http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903#PRODUCTS"},{"title":"Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:149 du 30 juin    2007 :","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"},{"title":"R\u00e9ponse de Nortel \u00e0 la vuln\u00e9rabilit\u00e9 ISC:DNS:BIND 9, du 16    ao\u00fbt 2007 :","url":"http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2007/33/022649-01.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Debian DSA 1341-1 du 25 juillet 2007 :","url":"http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00102.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Avaya ASA-2007-351 du 15 ao\u00fbt 2007 :","url":"http://support.avaya.com/elmodocs2/security/ASA-2007-351.htm"},{"title":"Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007-0740-2 du 24 juillet    2007 :","url":"http://rhn.redhat.com/errata/RHSA-2007-0740.html"},{"title":"Bulletin de s\u00e9curit\u00e9 ISC BIND du 24 juillet 2007 :","url":"http://www.isc.org/index.pl?/sw/bind/bind-security.php"}],"reference":"CERTA-2007-AVI-327","revisions":[{"description":"version initiale.","revision_date":"2007-07-24T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Debian, Ubuntu, Mandriva et Red Hat.","revision_date":"2007-07-26T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Debian.","revision_date":"2007-08-01T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 SuSE et FreeBSD.","revision_date":"2007-08-02T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux CVE et aux bulletin de Nortel et Avaya.","revision_date":"2007-08-17T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.","revision_date":"2007-08-22T00:00:00.000000"}],"risks":[{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"Une vuln\u00e9rabilit\u00e9 d\u00e9couverte dans BIND permet \u00e0 une personne\nmalintentionn\u00e9e de contourner la politique de s\u00e9curit\u00e9.\n","title":"Vuln\u00e9rabilit\u00e9 dans BIND","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 d'ISC BIND du 24 juillet 2007","url":null}]}