Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2

Description: There was a flaw where the wrong ACL was applied. This flaw could allow access to a cache via recursion even though the ACL disallowed it.

CVE: pending
CERT: pending
Posting date: 2010-09-28
Program Impacted: BIND
Versions affected: 9.7.2 through 9.7.2-P1
Severity: low
Exploitable: remotely
Impact: Unintended availability of cache data.

Workaround: Upgrade to BIND 9.7.2-P2. No other workaround is currently known.

Risk Assessment: This bug is primarily a risk to operators running both authoritative and recursive DNS on the same BIND server in the same view.

Acknowledgements: Thank you to Alexandre Simon for finding and testing this issue.

For more information on BIND 9.7.2-P2, Release notes can be found at: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html

Please address questions or concerns to [email protected] or [email protected]
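A triage helper for the exposure described under "Versions affected" and "Risk Assessment", added here as an example and not ISC code: it checks a `named -v` banner against the affected range and lists the views in a `named.conf` that serve authoritative zones while recursion is not disabled. Assumptions: the parser is simplified (no `include` handling, no per-view ACL evaluation), the function names and the sample configuration are constructed for illustration, and only the two releases in the stated range are matched.

```python
import re

AFFECTED = {"9.7.2", "9.7.2-P1"}  # "9.7.2 through 9.7.2-P1" per the advisory

def is_affected(banner):  # banner: output of `named -v`, e.g. "BIND 9.7.2-P1"
    m = re.search(r"(\d+\.\d+\.\d+(?:-P\d+)?)(?![\w.-])", banner)
    return bool(m) and m.group(1) in AFFECTED

def tokenize(text):  # strings, braces, semicolons, words; comments dropped
    raw = re.findall(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', text, re.S)
    return [t for t in raw if not t.startswith(("/*", "//", "#"))]

def parse(tokens):  # -> nested statements [(words, block_or_None), ...]
    stmts, words, block = [], [], None
    while tokens:
        t = tokens.pop(0)
        if t == "{":
            block = parse(tokens)
        elif t == "}":
            break
        elif t == ";":
            if words:
                stmts.append((words, block))
            words, block = [], None
        else:
            words.append(t.strip('"'))
    return stmts

def setting(stmts, key, default):  # value of a simple `key value;` statement
    return next((w[1] for w, _ in stmts if w[0] == key and len(w) > 1), default)

def risky_views(conf_text):
    """Views that serve master/slave zones while recursion is not disabled."""
    top = parse(tokenize(conf_text))
    options = next((b for w, b in top if w[0] == "options"), None) or []
    inherited = setting(options, "recursion", "yes")  # BIND's default is yes
    views = [(w[1], b or []) for w, b in top if w[0] == "view"] or [("_default", top)]
    def authoritative(body):
        types = {setting(b or [], "type", "") for w, b in body if w[0] == "zone"}
        return bool(types & {"master", "slave"})
    return [name for name, body in views if authoritative(body)
            and setting(body, "recursion", inherited).lower() not in ("no", "false", "0")]

# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = '''options { directory "/var/named"; };  // recursion left at default
view "internal" { zone "example.com" { type master; file "int.db"; }; };
view "external" { recursion no; zone "example.com" { type master; file "ext.db"; }; };
view "resolver" { zone "." { type hint; file "root.hints"; }; };
'''
```

A server is worth prioritising for the 9.7.2-P2 upgrade when `is_affected` is true for its banner and `risky_views` returns a non-empty list for its configuration.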
