Vulnerability Note VU#784855

Unexpected ACL Behavior in BIND 9.7.2

Original Release date: 30 Sep 2010 | Last revised: 30 Sep 2010


A flaw exists in BIND 9.7.2 through 9.7.2-P1 pertaining to how an ACL is applied.


There is a flaw in BIND 9.7.2 through 9.7.2-P1 where the wrong ACL is applied. This flaw could allow access to a cache via recursion even though the ACL disallowed it. This bug is primarily a risk to operators running both authoritative and recursive DNS on the same BIND server in the same view.


A loss of confidentiality in cache data exists.


Upgrade to BIND 9.7.2-P2

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Internet Systems ConsortiumAffected28 Sep 201030 Sep 2010
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2010-0218
  • Date Public: 28 Sep 2010
  • Date First Published: 30 Sep 2010
  • Date Last Updated: 30 Sep 2010
  • Severity Metric: 0.01
  • Document Revision: 7


If you have feedback, comments, or additional information about this vulnerability, please send us email.