CVE-2001-0497

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
References
Link Resource
http://www.osvdb.org/5609 Broken Link
http://xforce.iss.net/alerts/advise78.php Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6694 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*

History

08 Feb 2024, 15:49

Type Values Removed Values Added
CVSS v2 : 4.6
v3 : unknown
v2 : 4.6
v3 : 7.8
CWE NVD-CWE-Other CWE-276

Information

Published : 2001-07-21 04:00

Updated : 2024-02-28 10:24


NVD link : CVE-2001-0497

Mitre link : CVE-2001-0497

CVE.ORG link : CVE-2001-0497


JSON object : View

Products Affected

isc

  • bind
CWE
CWE-276

Incorrect Default Permissions