CVE-2007-2925 - The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not

CVE-2007-2925

Summary

The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

References

Vulnerable Configurations

cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

bid	25076
confirm	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903 http://www.isc.org/index.pl?/sw/bind/bind-security.php
gentoo	GLSA-200708-13
mandriva	MDKSA-2007:149
openpkg	OpenPKG-SA-2007.022
sectrack	1018441
secunia	26227 26236 26509 26515
slackware	SSA:2007-207-01
vupen	ADV-2007-2628 ADV-2007-2914
xf	isc-bind-acl-security-bypass(35571)

statements via4

contributor	Joshua Bressers
lastmodified	2007-07-26
organization	Red Hat
statement	Not vulnerable. This issu did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Last major update

30-10-2018 - 16:27

Published

24-07-2007 - 17:30

Last modified

30-10-2018 - 16:27