Executive Summary

Informations
NameCVE-2001-0497First vendor Publication2001-07-21
VendorCveLast vendor Modification2018-09-20

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score4.6Attack RangeLocal
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0497

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-1Accessing Functionality Not Properly Constrained by ACLs
CAPEC-19Embedding Scripts within Scripts
CAPEC-81Web Logs Tampering

CWE : Common Weakness Enumeration

%idName

CPE : Common Platform Enumeration

TypeDescriptionCount
Application55

Open Source Vulnerability Database (OSVDB)

idDescription
5609ISC BIND dnskeygen HMAC-MD5 Shared Secret Key File Disclosure

Sources (Detail)

SourceUrl
ISS http://xforce.iss.net/alerts/advise78.php
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/6694

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
DateInformations
2019-03-19 12:01:25
  • Multiple Updates
2018-11-30 12:01:07
  • Multiple Updates
2018-09-21 00:19:09
  • Multiple Updates
2017-10-10 09:23:20
  • Multiple Updates
2016-06-28 14:55:55
  • Multiple Updates
2016-04-26 11:53:17
  • Multiple Updates
2013-05-11 12:04:14
  • Multiple Updates