Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2
Mark Andrews
marka at isc.org
Tue Sep 28 20:10:46 UTC 2010
Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2
Description: There was a flaw where the wrong ACL was applied. This
flaw could allow access to a cache via recursion even though the ACL
disallowed it.
CVE: pending
CERT: pending
Posting date: 2010-09-28
Program Impacted: BIND
Versions affected: 9.7.2 through 9.7.2-P1
Severity: low
Exploitable: remotely
Impact: Unintended availability of cache data.
Workaround: Upgrade to BIND 9.7.2-P2. No other workaround is currently
known.
Risk Assessment: This bug is primarily a risk to operators running
both authoritative and recursive DNS on the same BIND server in the
same view.
Acknowledgements: Thank you to Alexandre Simon for finding and
testing this issue.
For more information on BIND 9.7.2-P2, Release notes can be found at:
http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
Please address questions or concerns to larissas at isc.org or
security-officer at isc.org
More information about the bind-announce
mailing list