CVE-2001-0497

CVSS 7.8 - HIGH

Description

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

Affected Products

2

Vendor	Product	Version
isc	bind	`All versions`
isc	bind	`All versions`

References

http://www.osvdb.org/5609

http://xforce.iss.net/alerts/advise78.php

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

http://www.osvdb.org/5609

http://xforce.iss.net/alerts/advise78.php

https://exchange.xforce.ibmcloud.com/vulnerabiliti...

Weakness Types

CWE-276

CVE Information

CVE ID:: CVE-2001-0497
Published:: 2001-07-21
Modified:: 2025-04-03
CVSS Score:: 7.8
Severity:: HIGH
Vector:: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors

isc

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL