Fix for CVE-2006-2073
Florian Weimer
fw at deneb.enyo.de
Wed Oct 19 17:39:41 UTC 2011
* Mark Andrews:
> Access Vector: Network exploitable
> Access Complexity: Low
> Authentication: Not required to exploit
> Impact Type:Allows disruption of service
>
> I fail to see how this could ever have been classified as
> Access Complexity: Low.
I believe the CVSS scoring for those old entries was generated
semi-automatically. There's also very little public information
available about this issue.
> Looking at the CVE it looks like this bug fix contains the correction.
>
> 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
> responses more gracefully. [RT #15941]
>
>> What was the first BIND version that fixed it?
>
> 9.2.7, 9.3.3, 9.4.0.
Thanks, this is helpful. I've adjusted Debian's records.
More information about the bind-users
mailing list