ID CVE-2007-2925
Summary The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 25076
confirm
gentoo GLSA-200708-13
mandriva MDKSA-2007:149
openpkg OpenPKG-SA-2007.022
sectrack 1018441
secunia
  • 26227
  • 26236
  • 26509
  • 26515
slackware SSA:2007-207-01
vupen
  • ADV-2007-2628
  • ADV-2007-2914
xf isc-bind-acl-security-bypass(35571)
statements via4
contributor Joshua Bressers
lastmodified 2007-07-26
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 30-10-2018 - 16:27
Published 24-07-2007 - 17:30