CVE-2001-0497

Description

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

Affected Software
References

Software	From	Fixed in
isc / bind	-	8.2.4.x
isc / bind	9.0	9.1.2.x

http://www.osvdb.org/5609
http://xforce.iss.net/alerts/advise78.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/6694

Severity: High

CVE: CVE-2001-0497
Published: Jul 21, 2001
Updated: May 9, 2024
Exploit:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-276

CVE-2001-0497

Description

Details

CVSS v3

CVSS v2

CWEs