CVE-2010-3615

{"id": "CVE-2010-3615", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-12-06T13:44:54.127", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html", "source": "cret@cert.org"}, {"url": "http://osvdb.org/69568", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/42458", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/42671", "source": "cret@cert.org"}, {"url": "http://securitytracker.com/id?1024817", "source": "cret@cert.org"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190", "source": "cret@cert.org"}, {"url": "http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories", "source": "cret@cert.org"}, {"url": "http://www.isc.org/software/bind/advisories/cve-2010-3615", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/510208", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/45134", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/3102", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism."}, {"lang": "es", "value": "named en ISC BIND 9.7.2-P2 no comprueba todas las localizaciones previstas para las ACLs \"allow-query\" (permitir consultas), lo que puede permitir a atacantes remotos realizar peticiones con \u00e9xito a registros DNS privados a trav\u00e9s del mecanismo de consulta DNS est\u00e1ndar."}], "lastModified": "2016-04-04T15:45:51.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5690EC8-66C9-4316-BEAB-C218843F7FCC"}], "operator": "OR"}]}], "evaluatorImpact": "Per: http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories\r\n\r\n'Note particularly that disabling DNSSEC validation is NOT an effective workaround.'", "evaluatorComment": "Per: http://www.isc.org/software/bind/advisories/cve-2010-3615\r\n\r\n'This bug doesn't affect allow-recursion or allow-query-cache acls, since they are not relevant to a zone for which the server is authoritative. '", "sourceIdentifier": "cret@cert.org"}