Authorization Bypass

2018-05-2308:00:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

libbind9.so is vulnerable to authorization bypass. A malicious user can trigger a TSIG authentication error to cause an unauthorized DNS zone transfer or other DNS transactions. This vulnerability only applies to DNS servers using bind that have no-address based ACL in place.

CPENameOperatorVersion
libbind9.sole90.0.8
bindeq9.7.3__8.P3.el6_2.1
bindeq9.8.2__0.37.rc1.el6_7.1
bindeq9.7.3__2.el6_1.P1.1
bindeq9.8.2__0.37.rc1.el6_7.6
bindeq9.8.2__0.47.rc1.el6_8.1
bindeq9.8.2__0.30.rc1.el6
bindeq9.8.2__0.10.rc1.el6_3.4
bindeq9.8.2__0.47.rc1.el6_8.2
bindeq9.7.3__2.el6_1.P3.3

Name	Operator	Version
libbind9.so	le	90.0.8
bind	eq	9.7.3__8.P3.el6_2.1
bind	eq	9.8.2__0.37.rc1.el6_7.1
bind	eq	9.7.3__2.el6_1.P1.1
bind	eq	9.8.2__0.37.rc1.el6_7.6
bind	eq	9.8.2__0.47.rc1.el6_8.1
bind	eq	9.8.2__0.30.rc1.el6
bind	eq	9.8.2__0.10.rc1.el6_3.4
bind	eq	9.8.2__0.47.rc1.el6_8.2
bind	eq	9.7.3__2.el6_1.P3.3