Vulnerability-Lookup

CVE-2007-2925 (GCVE-0-2007-2925)

Vulnerability from cvelistv5 – Published: 2007-07-24 17:00 – Updated: 2024-08-07 13:57

Summary

The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

	http://www.securityfocus.com/bid/25076	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2007/2914	vdb-entryx_refsource_VUPEN
	http://www.securitytracker.com/id?1018441	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2007/2628	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/26509	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.gentoo.org/security/en/glsa/glsa-20070…	vendor-advisoryx_refsource_GENTOO
	http://support.nortel.com/go/main.jsp?cscat=BLTND…	x_refsource_CONFIRM
	http://www.slackware.org/security/viewer.php?l=sl…	vendor-advisoryx_refsource_SLACKWARE
	http://www.isc.org/index.pl?/sw/bind/bind-security.php	x_refsource_CONFIRM
	http://secunia.com/advisories/26227	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26515	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26236	third-party-advisoryx_refsource_SECUNIA
	http://www.openpkg.com/security/advisories/OpenPK…	vendor-advisoryx_refsource_OPENPKG

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:57:54.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25076",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25076"
          },
          {
            "name": "ADV-2007-2914",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2914"
          },
          {
            "name": "1018441",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018441"
          },
          {
            "name": "ADV-2007-2628",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2628"
          },
          {
            "name": "26509",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26509"
          },
          {
            "name": "MDKSA-2007:149",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"
          },
          {
            "name": "isc-bind-acl-security-bypass(35571)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"
          },
          {
            "name": "GLSA-200708-13",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=623903"
          },
          {
            "name": "SSA:2007-207-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.521385"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
          },
          {
            "name": "26227",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26227"
          },
          {
            "name": "26515",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26515"
          },
          {
            "name": "26236",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26236"
          },
          {
            "name": "OpenPKG-SA-2007.022",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "25076",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25076"
        },
        {
          "name": "ADV-2007-2914",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2914"
        },
        {
          "name": "1018441",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018441"
        },
        {
          "name": "ADV-2007-2628",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2628"
        },
        {
          "name": "26509",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26509"
        },
        {
          "name": "MDKSA-2007:149",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"
        },
        {
          "name": "isc-bind-acl-security-bypass(35571)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"
        },
        {
          "name": "GLSA-200708-13",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=623903"
        },
        {
          "name": "SSA:2007-207-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.521385"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
        },
        {
          "name": "26227",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26227"
        },
        {
          "name": "26515",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26515"
        },
        {
          "name": "26236",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26236"
        },
        {
          "name": "OpenPKG-SA-2007.022",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2007-2925",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25076",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25076"
            },
            {
              "name": "ADV-2007-2914",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2914"
            },
            {
              "name": "1018441",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018441"
            },
            {
              "name": "ADV-2007-2628",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2628"
            },
            {
              "name": "26509",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26509"
            },
            {
              "name": "MDKSA-2007:149",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"
            },
            {
              "name": "isc-bind-acl-security-bypass(35571)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"
            },
            {
              "name": "GLSA-200708-13",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"
            },
            {
              "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=623903",
              "refsource": "CONFIRM",
              "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=623903"
            },
            {
              "name": "SSA:2007-207-01",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.521385"
            },
            {
              "name": "http://www.isc.org/index.pl?/sw/bind/bind-security.php",
              "refsource": "CONFIRM",
              "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
            },
            {
              "name": "26227",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26227"
            },
            {
              "name": "26515",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26515"
            },
            {
              "name": "26236",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26236"
            },
            {
              "name": "OpenPKG-SA-2007.022",
              "refsource": "OPENPKG",
              "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2007-2925",
    "datePublished": "2007-07-24T17:00:00.000Z",
    "dateReserved": "2007-05-30T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:57:54.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-439F-HV4Q-RMC5

Vulnerability from github – Published: 2022-05-01 18:08 – Updated: 2022-05-01 18:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-2925"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-07-24T17:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.",
  "id": "GHSA-439f-hv4q-rmc5",
  "modified": "2022-05-01T18:08:35Z",
  "published": "2022-05-01T18:08:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-2925"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26227"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26236"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26509"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26515"
    },
    {
      "type": "WEB",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=623903"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"
    },
    {
      "type": "WEB",
      "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25076"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018441"
    },
    {
      "type": "WEB",
      "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.521385"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2628"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2914"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-2925

Vulnerability from fkie_nvd - Published: 2007-07-24 17:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	cret@cert.org	http://secunia.com/advisories/26227
	cret@cert.org	http://secunia.com/advisories/26236
	cret@cert.org	http://secunia.com/advisories/26509
	cret@cert.org	http://secunia.com/advisories/26515
	cret@cert.org	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903
	cret@cert.org	http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml
	cret@cert.org	http://www.isc.org/index.pl?/sw/bind/bind-security.php
	cret@cert.org	http://www.mandriva.com/security/advisories?name=MDKSA-2007:149
	cret@cert.org	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html
	cret@cert.org	http://www.securityfocus.com/bid/25076
	cret@cert.org	http://www.securitytracker.com/id?1018441
	cret@cert.org	http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385
	cret@cert.org	http://www.vupen.com/english/advisories/2007/2628
	cret@cert.org	http://www.vupen.com/english/advisories/2007/2914
	cret@cert.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35571
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26227
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26236
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26509
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26515
	af854a3a-2127-422b-91ae-364da2661108	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903
	af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml
	af854a3a-2127-422b-91ae-364da2661108	http://www.isc.org/index.pl?/sw/bind/bind-security.php
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:149
	af854a3a-2127-422b-91ae-364da2661108	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25076
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1018441
	af854a3a-2127-422b-91ae-364da2661108	http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2628
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2914
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35571

Impacted products

Vendor	Product	Version
isc	bind	9.4.0
isc	bind	9.4.1
isc	bind	9.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D7C7524-6943-4D94-8835-0221F0F0CD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "916D4013-27A5-4688-A985-A9B77F90AC45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32CEF8AD-9EE7-4ADA-888E-883751962529",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache."
    },
    {
      "lang": "es",
      "value": "La lista de control de acceso por defecto (ACL) en ISC BIND 9.4.0, 9.4.1, y 9.5.0a1 hasta 9.5.0a5 no asigna las ACLs allow-recursion y allow-query-cache, lo cual permite a atacantes remotos realizar consultas recursivas y consultar la cache."
    }
  ],
  "id": "CVE-2007-2925",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-24T17:30:00.000",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/26227"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/26236"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/26509"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/26515"
    },
    {
      "source": "cret@cert.org",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=623903"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/25076"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securitytracker.com/id?1018441"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.521385"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2007/2628"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2007/2914"
    },
    {
      "source": "cret@cert.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=623903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1018441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.521385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issu did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
      "lastModified": "2007-07-26T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-2925

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-2925

Aliases

CVE-2007-2925

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-2925",
    "description": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.",
    "id": "GSD-2007-2925",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-2925.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-2925"
      ],
      "details": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.",
      "id": "GSD-2007-2925",
      "modified": "2023-12-13T01:21:37.559101Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2007-2925",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "25076",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25076"
          },
          {
            "name": "ADV-2007-2914",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2914"
          },
          {
            "name": "1018441",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1018441"
          },
          {
            "name": "ADV-2007-2628",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2628"
          },
          {
            "name": "26509",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26509"
          },
          {
            "name": "MDKSA-2007:149",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"
          },
          {
            "name": "isc-bind-acl-security-bypass(35571)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"
          },
          {
            "name": "GLSA-200708-13",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"
          },
          {
            "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=623903",
            "refsource": "CONFIRM",
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=623903"
          },
          {
            "name": "SSA:2007-207-01",
            "refsource": "SLACKWARE",
            "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.521385"
          },
          {
            "name": "http://www.isc.org/index.pl?/sw/bind/bind-security.php",
            "refsource": "CONFIRM",
            "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
          },
          {
            "name": "26227",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26227"
          },
          {
            "name": "26515",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26515"
          },
          {
            "name": "26236",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26236"
          },
          {
            "name": "OpenPKG-SA-2007.022",
            "refsource": "OPENPKG",
            "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2007-2925"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.isc.org/index.pl?/sw/bind/bind-security.php",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"
            },
            {
              "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=623903",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=623903"
            },
            {
              "name": "GLSA-200708-13",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"
            },
            {
              "name": "MDKSA-2007:149",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"
            },
            {
              "name": "OpenPKG-SA-2007.022",
              "refsource": "OPENPKG",
              "tags": [],
              "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"
            },
            {
              "name": "SSA:2007-207-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://www.slackware.org/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.521385"
            },
            {
              "name": "25076",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25076"
            },
            {
              "name": "1018441",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1018441"
            },
            {
              "name": "26227",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26227"
            },
            {
              "name": "26509",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26509"
            },
            {
              "name": "26515",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26515"
            },
            {
              "name": "26236",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26236"
            },
            {
              "name": "ADV-2007-2914",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2914"
            },
            {
              "name": "ADV-2007-2628",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2628"
            },
            {
              "name": "isc-bind-acl-security-bypass(35571)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-30T16:27Z",
      "publishedDate": "2007-07-24T17:30Z"
    }
  }
}

CERTA-2007-AVI-327

Vulnerability from certfr_avis - Published: 2007-07-24 - Updated: 2007-08-22

Une vulnérabilité découverte dans BIND permet à une personne malintentionnée de contourner la politique de sécurité.

Description

Une vulnérabilité a été identifiée dans BIND. La faille concerne le générateur d'identifiants de requêtes, vulnérable à une cryptanalyse permettant une chance élevée de deviner le prochain identifiant pour la moitié des requêtes. Ceci peut être exploité par une personne malintentionnée pour effectuer du cache poisoning et donc contourner la politique de sécurité.

Une seconde vulnérabilité concerne les listes de contrôle d'accès (ACL) par défaut dans BIND. Elles ne prennent pas en compte la possibilité de faire des requêtes récursives ou d'interroger le cache.

Solution

Se référer au bulletin de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ISC	BIND	BIND 9.4.0, 9.4.1 ;
ISC	BIND	BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8 ;
ISC	BIND	BIND 9.1 (toutes versions) ;
ISC	BIND	BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4 ;
ISC	BIND	BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5.
ISC	BIND	BIND 9.0 (toutes versions) ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-2925 (GCVE-0-2007-2925)

GHSA-439F-HV4Q-RMC5

FKIE_CVE-2007-2925

GSD-2007-2925

CERTA-2007-AVI-327

Description

Solution

Tags

Sightings

Nomenclature