Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0497

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2001-0497
Last Modified 05 Sep 2008 04:24:15
Published 21 Jul 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0497

Summary

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

Vulnerable Systems

Application

  • Isc Bind 8.2.4

  • Isc Bind 9.1.2


References

ISS - 20010611 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys

XF - bind-local-key-exposure(6694)

OSVDB - 5609


Last Updated: 27 May 2016 10:36:17