security report

A hole in BIND that allows its DNS cache to be poisoned.
While at it, ran buildworld on 7-stable.

FreeBSD-SA-08:06.bind                                       Security Advisory
                                                          The FreeBSD Project

Topic:          DNS cache poisoning

Category:       contrib
Module:         bind
Announced:      2008-07-13
Credits:        Dan Kaminsky
Affects:        All supported FreeBSD versions.
Corrected:      2008-07-12 10:07:33 UTC (RELENG_6, 6.3-STABLE)
                2008-07-13 18:42:38 UTC (RELENG_6_3, 6.3-RELEASE-p3)
                2008-07-13 18:42:38 UTC (RELENG_7, 7.0-STABLE)
                2008-07-13 18:42:38 UTC (RELENG_7_0, 7.0-RELEASE-p3)
CVE Name:       CVE-2008-1447

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.freebsd.org/>.

I.   Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.  DNS requests
contain a query id which is used to match a DNS request with the response
and to make it harder for anybody but the DNS server which received the
request to send a valid response.

II.  Problem Description

The BIND DNS implementation does not randomize the UDP source port when
doing remote queries, and the query id alone does not provide adequate
randomization.

III. Impact

The lack of source port randomization reduces the amount of data the
attacker needs to guess in order to successfully execute a DNS cache
poisoning attack.  This allows the attacker to influence or control
the results of DNS queries being returned to users from target systems.

IV.  Workaround

Limiting the group of machines that can do recursive queries on the DNS
server will make it more difficult, but not impossible, for this
vulnerability to be exploited.
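To confirm that a resolver's outbound queries no longer leave from a single UDP source port (the weakness described in sections II and III), here is an added check that is not part of the advisory or of BIND: it counts the distinct source ports in tcpdump-style lines. The capture lines, addresses and function names are constructed for this example.

```shell
#!/bin/sh
# Added example: detect a fixed outbound UDP source port on a resolver by
# counting distinct source ports in "tcpdump -n udp dst port 53" output.

# Constructed tcpdump lines: resolver 192.0.2.10 querying 198.51.100.1.
# Pre-fix behaviour: every query leaves from port 53, so only the 16-bit
# query id varies between queries.
FIXED_PORT_SAMPLE='12:00:01.000001 IP 192.0.2.10.53 > 198.51.100.1.53: 40123+ A? example.com. (29)
12:00:01.000002 IP 192.0.2.10.53 > 198.51.100.1.53: 7551+ A? example.net. (29)
12:00:01.000003 IP 192.0.2.10.53 > 198.51.100.1.53: 61002+ A? example.org. (29)'

# Post-fix behaviour: the source port varies as well as the query id.
RANDOM_PORT_SAMPLE='12:00:01.000001 IP 192.0.2.10.51822 > 198.51.100.1.53: 40123+ A? example.com. (29)
12:00:01.000002 IP 192.0.2.10.9034 > 198.51.100.1.53: 7551+ A? example.net. (29)
12:00:01.000003 IP 192.0.2.10.33187 > 198.51.100.1.53: 61002+ A? example.org. (29)'

# Read tcpdump lines on stdin; print each distinct source port of queries
# sent to destination port 53 (field 3 is "a.b.c.d.port", field 5 the dst).
distinct_src_ports() {
    awk '$2 == "IP" && $5 ~ /\.53:$/ {
        n = split($3, a, ".")
        seen[a[n]] = 1
    }
    END { for (p in seen) print p }' | sort -n
}

# Number of distinct source ports in the capture text passed as $1.
src_port_count() {
    printf '%s\n' "$1" | distinct_src_ports | wc -l | tr -d ' '
}

# "fixed" when all queries left from one port (the unpatched behaviour the
# advisory describes), "randomized" otherwise.
port_randomization_verdict() {
    if [ "$(src_port_count "$1")" -le 1 ]; then
        echo fixed
    else
        echo randomized
    fi
}

port_randomization_verdict "$FIXED_PORT_SAMPLE"    # prints: fixed
port_randomization_verdict "$RANDOM_PORT_SAMPLE"   # prints: randomized
```

On a live host, `tcpdump -n udp dst port 53 | distinct_src_ports` after a few hundred queries should list many ports; a single port means the resolver is still relying on the query id alone.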