Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2 Description: There was a flaw where the wrong ACL was applied. This flaw could allow access to a cache via recursion even though the ACL disallowed it.
CVE: pending CERT: pending Posting date: 2010-09-28 Program Impacted: BIND Versions affected: 9.7.2 through 9.7.2-P1 Severity: low Exploitable: remotely Impact: Unintended availability of cache data. Workaround: Upgrade to BIND 9.7.2-P2. No other workaround is currently known. Risk Assessment: This bug is primarily a risk to operators running both authoritative and recursive DNS on the same BIND server in the same view. Acknowledgements: Thank you to Alexandre Simon for finding and testing this issue. For more information on BIND 9.7.2-P2, Release notes can be found at: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html Please address questions or concerns to laris...@isc.org or security-offi...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users