""In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use," BIND developers wrote in Wednesday's disclosure. "BIND can be tricked into caching attacker responses, if the spoofing is successful." CVE-2025-40778 also raises the possibility of reviving cache poisoning attacks."
""Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache," the developers explained. "Forged records can be injected into cache during a query, which can potentially affect resolution of future queries." Even in such cases, the resulting fallout would be significantly more limited than the scenario envisioned by Kaminsky."
A weakness in the Pseudo Random Number Generator (PRNG) used by BIND can allow attackers to predict the source port and query ID, enabling spoofed responses to be accepted and cached. Under certain circumstances BIND accepts records from answers too leniently, permitting forged records to be injected into cache during queries and potentially affecting future resolution. Authoritative servers are not vulnerable and countermeasures such as DNSSEC, rate limiting and firewalling remain effective. Exploitation requires network-level spoofing and precise timing, so impact is limited to cache integrity. Patches for the identified CVEs should be applied as soon as practicable.
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]