Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2

From: Mark Andrews (marka@isc.org)
Date: Tue Sep 28 2010 - 15:10:46 CDT


Description: There was a flaw where the wrong ACL was applied. This
flaw could allow access to a cache via recursion even though the ACL
disallowed it.

CVE: pending

CERT: pending

Posting date: 2010-09-28

Program Impacted: BIND

Versions affected: 9.7.2 through 9.7.2-P1

Severity: low

Exploitable: remotely

Impact: Unintended availability of cache data.

Workaround: Upgrade to BIND 9.7.2-P2. No other workaround is currently
known.

Risk Assessment: This bug is primarily a risk to operators running
both authoritative and recursive DNS on the same BIND server in the
same view.

Acknowledgements: Thank you to Alexandre Simon for finding and
testing this issue.

For more information on BIND 9.7.2-P2, release notes can be found at:
http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html

Please address questions or concerns to larissas@isc.org or
security-officer@isc.org
