CVE-2010-3615

Published: Dec 6, 2010Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.

Affected (1)

Products: Isc: Bind

Isc

1 product

Bind

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Isc Bind	Version 9.7.2 p2

Related CWEs

CWE-264

References (22)

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html

Source: cret@cert.org

http://osvdb.org/69568

Source: cret@cert.org

http://secunia.com/advisories/42458

Source: cret@cert.org

Vendor Advisory

http://secunia.com/advisories/42671

Source: cret@cert.org

http://securitytracker.com/id?1024817

Source: cret@cert.org

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190

Source: cret@cert.org

http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories

Source: cret@cert.org

http://www.isc.org/software/bind/advisories/cve-2010-3615

Source: cret@cert.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/510208

Source: cret@cert.org

US Government Resource

http://www.securityfocus.com/bid/45134

Source: cret@cert.org

http://www.vupen.com/english/advisories/2010/3102

Source: cret@cert.org

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html