CVE-2010-3615 — Bind vulnerability

CWE-2648 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

5.3%

top 9.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedDec 6

Latest updateMay 17

Description

named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.7.2.dfsg.P3-1+3

▶NVDisc/bind9.7.2

🔴Vulnerability Details

GHSA

GHSA-j2v8-rqc3-xfr2: named in ISC BIND 9↗2022-05-17

▶

OSV

CVE-2010-3615: named in ISC BIND 9↗2010-12-06

▶

CVEList

CVE-2010-3615: named in ISC BIND 9↗2010-12-03

▶

📋Vendor Advisories

Red Hat

bind: allow-query processed incorrectly allowing access to authoritative zones that should be restricted↗2010-12-01

▶

Debian

CVE-2010-3615: bind9 - named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query...↗2010

▶

💬Community

Bugzilla

CVE-2010-3615 bind: allow-query processed incorrectly allowing access to authoritative zones that should be restricted↗2010-12-01

▶

Bugzilla

CVE-2010-3615 CVE-2010-3613 CVE-2010-3614 bind various flaws [fedora-14]↗2010-12-01

▶