ByteOS Network

NVD Vulnerability Details :

CVE-2010-3615

Deferred

Source-cret@cert.org

Published At-06 Dec, 2010 | 13:44

Updated At-11 Apr, 2025 | 00:51

named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Internet Systems Consortium, Inc.

>>bind>>9.7.2

cpe:2.3:a:isc:bind:9.7.2:p2:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

Evaluator Description

Per: http://www.isc.org/software/bind/advisories/cve-2010-3615 'This bug doesn't affect allow-recursion or allow-query-cache acls, since they are not relevant to a zone for which the server is authoritative. '

Evaluator Impact

Per: http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories 'Note particularly that disabling DNSSEC validation is NOT an effective workaround.'

References

Hyperlink	Source	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html	cret@cert.org	N/A
http://osvdb.org/69568	cret@cert.org	N/A
http://secunia.com/advisories/42458	cret@cert.org	Vendor Advisory
http://secunia.com/advisories/42671	cret@cert.org	N/A
http://securitytracker.com/id?1024817	cret@cert.org	N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190	cret@cert.org	N/A
http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories	cret@cert.org	N/A
http://www.isc.org/software/bind/advisories/cve-2010-3615	cret@cert.org	Vendor Advisory
http://www.kb.cert.org/vuls/id/510208	cret@cert.org	US Government Resource
http://www.securityfocus.com/bid/45134	cret@cert.org	N/A
http://www.vupen.com/english/advisories/2010/3102	cret@cert.org	Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://osvdb.org/69568	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/42458	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/42671	af854a3a-2127-422b-91ae-364da2661108	N/A
http://securitytracker.com/id?1024817	af854a3a-2127-422b-91ae-364da2661108	N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.isc.org/software/bind/advisories/cve-2010-3615	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.kb.cert.org/vuls/id/510208	af854a3a-2127-422b-91ae-364da2661108	US Government Resource
http://www.securityfocus.com/bid/45134	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2010/3102	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory