CVE-2007-2925 — Bind vulnerability

7 documents7 sources

Severity

5.8MEDIUMNVD

EPSS

2.2%

top 15.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedJul 24

Latest updateMay 1

Description

The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.4.1-P1-1+3

▶NVDisc/bind9.4.0, 9.4.1, 9.5.0+2

🔴Vulnerability Details

GHSA

GHSA-439f-hv4q-rmc5: The default access control lists (ACL) in ISC BIND 9↗2022-05-01

▶

CVEList

CVE-2007-2925: The default access control lists (ACL) in ISC BIND 9↗2007-07-24

▶

OSV

CVE-2007-2925: The default access control lists (ACL) in ISC BIND 9↗2007-07-24

▶

📋Vendor Advisories

Red Hat

bind allow-query-cache/allow-recursion default ACL issue↗2007-07-23

▶

Debian

CVE-2007-2925: bind9 - The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 thr...↗2007

▶

💬Community

Bugzilla

CVE-2007-2925 bind allow-query-cache/allow-recursion default ACL issue↗2007-07-19

▶