OpenCVE

The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Isc	Bind

Configuration 1 [-]

OR	cpe:2.3:a:isc:bind:9.4.0:::::::*
	cpe:2.3:a:isc:bind:9.4.1:::::::*
	cpe:2.3:a:isc:bind:9.5.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/26227
http://secunia.com/advisories/26236
http://secunia.com/advisories/26509
http://secunia.com/advisories/26515
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903
http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml
http://www.isc.org/index.pl?/sw/bind/bind-security.php
http://www.mandriva.com/security/advisories?name=MDKSA-2007:149
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html
http://www.securityfocus.com/bid/25076
http://www.securitytracker.com/id?1018441
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385
http://www.vupen.com/english/advisories/2007/2628
http://www.vupen.com/english/advisories/2007/2914
https://exchange.xforce.ibmcloud.com/vulnerabilities/35571
https://nvd.nist.gov/vuln/detail/CVE-2007-2925
https://www.cve.org/CVERecord?id=CVE-2007-2925

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2007-07-24T17:00:00

Updated: 2024-08-07T13:57:54.472Z

Reserved: 2007-05-30T00:00:00

Link: CVE-2007-2925

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-07-24T17:30:00.000

Modified: 2024-11-21T00:31:58.937

Link: CVE-2007-2925

Redhat

Severity : Moderate

Publid Date: 2007-07-23T00:00:00Z

Links: CVE-2007-2925 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-24T00:00:00", "descriptions": [{"lang": "en", "value": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "25076", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25076"}, {"name": "ADV-2007-2914", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2914"}, {"name": "1018441", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018441"}, {"name": "ADV-2007-2628", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2628"}, {"name": "26509", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26509"}, {"name": "MDKSA-2007:149", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"}, {"name": "isc-bind-acl-security-bypass(35571)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"}, {"name": "GLSA-200708-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903"}, {"name": "SSA:2007-207-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"}, {"name": "26227", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26227"}, {"name": "26515", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26515"}, {"name": "26236", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26236"}, {"name": "OpenPKG-SA-2007.022", "tags": ["vendor-advisory", "x_refsource_OPENPKG"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2007-2925", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25076", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25076"}, {"name": "ADV-2007-2914", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2914"}, {"name": "1018441", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018441"}, {"name": "ADV-2007-2628", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2628"}, {"name": "26509", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26509"}, {"name": "MDKSA-2007:149", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"}, {"name": "isc-bind-acl-security-bypass(35571)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"}, {"name": "GLSA-200708-13", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"}, {"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903", "refsource": "CONFIRM", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903"}, {"name": "SSA:2007-207-01", "refsource": "SLACKWARE", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385"}, {"name": "http://www.isc.org/index.pl?/sw/bind/bind-security.php", "refsource": "CONFIRM", "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"}, {"name": "26227", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26227"}, {"name": "26515", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26515"}, {"name": "26236", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26236"}, {"name": "OpenPKG-SA-2007.022", "refsource": "OPENPKG", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:57:54.472Z"}, "title": "CVE Program Container", "references": [{"name": "25076", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25076"}, {"name": "ADV-2007-2914", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2914"}, {"name": "1018441", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018441"}, {"name": "ADV-2007-2628", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2628"}, {"name": "26509", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26509"}, {"name": "MDKSA-2007:149", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"}, {"name": "isc-bind-acl-security-bypass(35571)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"}, {"name": "GLSA-200708-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903"}, {"name": "SSA:2007-207-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"}, {"name": "26227", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26227"}, {"name": "26515", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26515"}, {"name": "26236", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26236"}, {"name": "OpenPKG-SA-2007.022", "tags": ["vendor-advisory", "x_refsource_OPENPKG", "x_transferred"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2007-2925", "datePublished": "2007-07-24T17:00:00", "dateReserved": "2007-05-30T00:00:00", "dateUpdated": "2024-08-07T13:57:54.472Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D7C7524-6943-4D94-8835-0221F0F0CD63", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "916D4013-27A5-4688-A985-A9B77F90AC45", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "32CEF8AD-9EE7-4ADA-888E-883751962529", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache."}, {"lang": "es", "value": "La lista de control de acceso por defecto (ACL) en ISC BIND 9.4.0, 9.4.1, y 9.5.0a1 hasta 9.5.0a5 no asigna las ACLs allow-recursion y allow-query-cache, lo cual permite a atacantes remotos realizar consultas recursivas y consultar la cache."}], "id": "CVE-2007-2925", "lastModified": "2024-11-21T00:31:58.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-24T17:30:00.000", "references": [{"source": "cret@cert.org", "url": "http://secunia.com/advisories/26227"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/26236"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/26509"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/26515"}, {"source": "cret@cert.org", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903"}, {"source": "cret@cert.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"}, {"source": "cret@cert.org", "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"}, {"source": "cret@cert.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"}, {"source": "cret@cert.org", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/25076"}, {"source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1018441"}, {"source": "cret@cert.org", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2007/2628"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2007/2914"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26236"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26509"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26515"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=623903"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.isc.org/index.pl?/sw/bind/bind-security.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25076"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018441"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2628"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2914"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35571"}], "sourceIdentifier": "cret@cert.org", "vendorComments": [{"comment": "Not vulnerable. This issu did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-07-26T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}