Vulnerability Note VU#784855
Unexpected ACL Behavior in BIND 9.7.2
A flaw exists in BIND 9.7.2 through 9.7.2-P1 pertaining to how an ACL is applied.
There is a flaw in BIND 9.7.2 through 9.7.2-P1 where the wrong ACL is applied. This flaw could allow access to a cache via recursion even though the ACL disallowed it. This bug is primarily a risk to operators running both authoritative and recursive DNS on the same BIND server in the same view.
A loss of confidentiality in cache data exists.
Upgrade to BIND 9.7.2-P2
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Internet Systems Consortium||Affected||28 Sep 2010||30 Sep 2010|
CVSS Metrics (Learn More)
This document was written by Jared Allar.
- CVE IDs: CVE-2010-0218
- Date Public: 28 Sep 2010
- Date First Published: 30 Sep 2010
- Date Last Updated: 30 Sep 2010
- Severity Metric: 0.01
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.