CVE Vulnerabilities

CVE-2001-0497

Published: Jul 21, 2001 | Modified: Sep 20, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

Affected Software

Name Vendor Start Version End Version
Bind Isc * 8.2.4
Bind Isc 9.0 9.1.2

References