{"vuid":"VU#784855","idnumber":"784855","name":"Unexpected ACL Behavior in BIND 9.7.2","keywords":["BIND","cache data","acl"],"overview":"A flaw exists in BIND 9.7.2 through 9.7.2-P1 pertaining to how an ACL is applied.","clean_desc":"There is a flaw in BIND 9.7.2 through 9.7.2-P1 where the wrong ACL is applied. This flaw could allow access to a cache via recursion even though the ACL disallowed it. This bug is primarily a risk to operators running both authoritative and recursive DNS on the same BIND server in the same view.","impact":"A loss of confidentiality in cache data exists.","resolution":"Upgrade to BIND 9.7.2-P2","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Jared Allar.","public":["https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html","http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html"],"cveids":["CVE-2010-0218"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-09-29T20:30:46Z","publicdate":"2010-09-28T00:00:00Z","datefirstpublished":"2010-09-30T13:37:05Z","dateupdated":"2010-09-30T13:49:18Z","revision":8,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"8","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"2","cam_easeofexploitation":"1","cam_attackeraccessrequired":"1","cam_scorecurrent":"0.00675","cam_scorecurrentwidelyknown":"0.01125","cam_scorecurrentwidelyknownexploited":"0.01875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.00675,"vulnote":null}