From: Michał Kępień <michal@isc.org>
Date: Wed, 22 Oct 2025 16:45:05 +0000 (+0200)
Subject: [9.16] [CVE-2025-40780] sec: usr: Cache-poisoning due to weak pseudo-random number... 
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd614497470c6ae9cd8a963e5a0f1cc177ee7b86;p=thirdparty%2Fbind9.git

[9.16] [CVE-2025-40780] sec: usr: Cache-poisoning due to weak pseudo-random number generator

It was discovered during research for an upcoming academic paper that a
xoshiro128\*\* internal state can be recovered by an external 3rd party,
allowing the prediction of UDP ports and DNS IDs in outgoing queries.
This could lead to an attacker spoofing the DNS answers with great
efficiency and poisoning the DNS cache.

The internal random generator has been changed to a cryptographically
secure pseudo-random generator.

ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from Hebrew
University of Jerusalem for bringing this vulnerability to our
attention.

Backport of !831

Closes isc-projects/bind9#5484

Merge branch '5484-security-make-isc_random-csprng-9.16' into 'bind-9.16-release'

See merge request isc-private/bind9!848
---

dd614497470c6ae9cd8a963e5a0f1cc177ee7b86