CVE-1999-0024

CVSS 2.0 Score 5 of 10 (medium)

Details

Published Aug 13, 1997
Updated: Nov 20, 2024

Summary

CVE-1999-0024 is a cybersecurity vulnerability affecting BIND, a widely used Domain Name System (DNS) software. Hackers can exploit this issue by generating DNS queries with predictable IDs, allowing them to poison caches with false information. This can redirect users to malicious websites or cause other serious issues, such as email interception or data theft. The vulnerability exists due to the lack of randomness in query ID generation, making it easier for attackers to manipulate DNS responses. To mitigate this risk, system administrators should update their BIND installations and configure secure DNS settings.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Sun Solaris
  • SunOS
  • ISC BIND
  • IBM AIX

Affected Vendors

  • IBM Corporation
  • Oracle Corp
  • Internet Storm Center
  • Sun.
  • NEC Corporation