ISC BIND 'allow-query' Zone ACL Security Bypass Vulnerability Network Vulnerability

Summary

ISC BIND is prone to a security-bypass vulnerability. Successfully exploiting this issue allows remote attackers to bypass zone-and-view Access Control Lists (ACLs) to perform unintended queries. Versions prior to BIND 9.7.2-P3 are vulnerable.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.isc.org/products/BIND/
https://www.isc.org/software/bind/advisories/cve-2010-3615
https://www.securityfocus.com/bid/45134

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3615

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)
Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Mac OS X)
Adobe Flash Player/Air Multiple Vulnerabilities -feb10 (Linux)
Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)
Apache Tomcat AJP Request Remote Denial Of Service Vulnerability

Take action and discover your vulnerabilities