dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
References
Link | Resource |
---|---|
http://www.osvdb.org/5609 | Broken Link |
http://xforce.iss.net/alerts/advise78.php | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/6694 | Third Party Advisory VDB Entry |
Configurations
History
08 Feb 2024, 15:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
CWE | CWE-276 |
Information
Published : 2001-07-21 04:00
Updated : 2024-02-08 15:49
NVD link : CVE-2001-0497
Mitre link : CVE-2001-0497
CVE.ORG link : CVE-2001-0497
JSON object : View
Products Affected
isc
- bind
CWE
CWE-276
Incorrect Default Permissions