CVSS2: 4.9 Medium (AV:L/AC:L/Au:N/C:N/I:N/A:C)

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

bind is vulnerable to denial of service (DoS). The bind packages created the “rndc.key” file with insecure file permissions, which allowed any local user to read the content of this file. A local user could use this flaw to control some aspects of the named daemon by using the rndc utility, for example, stopping the named daemon. This problem did not affect systems with the bind-chroot package installed.

CPE Name | Operator | Version |
---|---|---|
bind | eq | 9.3.3__9.0.1.el5 |
bind | eq | 9.3.3__7.el5 |
bind | eq | 9.3.3__8.el5 |
bind | eq | 9.3.3__10.el5 |

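
A host can be checked for the file-permission condition described above with a small audit script. This is an added example, not part of the original advisory or the vendor's fix; it assumes GNU `stat` (Linux), and the function names and the key path you pass (commonly `/etc/rndc.key`) are assumptions.

```shell
#!/bin/sh
# Added example: flag rndc key files that every local user can access.
# Assumes GNU stat (Linux). Function names are hypothetical; key file
# paths are supplied by the caller.

# check_rndc_key FILE
# Returns 0 if "other" has no permission bits, 1 if it has any,
# 2 if FILE is missing or cannot be inspected.
check_rndc_key() {
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2   # octal mode, e.g. 644
    other=$((mode % 10))                    # last octal digit = "other" bits
    [ "$other" -eq 0 ]
}

# audit_rndc_keys FILE...
# Prints one status line per file; returns 1 if any file is exposed.
audit_rndc_keys() {
    exposed=0
    for f in "$@"; do
        rc=0
        check_rndc_key "$f" || rc=$?
        case $rc in
            0) echo "OK       $f ($(stat -c '%a %U:%G' "$f"))" ;;
            1) echo "EXPOSED  $f ($(stat -c '%a %U:%G' "$f")): 'other' bits set"
               exposed=1 ;;
            *) echo "MISSING  $f" ;;
        esac
    done
    return "$exposed"
}

# Usage: sh audit_rndc_key.sh /etc/rndc.key
# An EXPOSED file should be restricted to its owner and the group the
# named service runs as (for example with chmod 640), and the key
# regenerated if other users may already have read it.
if [ "$#" -gt 0 ]; then
    audit_rndc_keys "$@"
fi
```
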
secunia.com/advisories/28180
secunia.com/advisories/30313
www.redhat.com/security/updates/classification/#moderate
www.redhat.com/support/errata/RHSA-2008-0300.html
access.redhat.com/errata/RHSA-2008:0300
bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9977
www.redhat.com/archives/fedora-package-announce/2007-December/msg00587.html
www.redhat.com/archives/fedora-package-announce/2007-December/msg00671.html