Insecure Permissions in BIND TSIG Key Files Allow Unauthorized DNS Updates

Insecure Permissions in BIND TSIG Key Files Allow Unauthorized DNS Updates

CVE-2001-0497 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

Learn more about our Cis Benchmark Audit For Bind.