A vulnerability has been reported in BIND, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to named not properly applying the "allow-query" ACL in the "view" or "global" options if the "allow-query" ACL is not set in the zone statement, which can be exploited to bypass intended query restrictions.
Successful exploitation requires that named is running as authoritative server for the zone.
The vulnerability is reported in version 9.7.2-P2.
Solution: Update to version 9.7.2-P3.
Provided and/or discovered by: Reported by the vendor.
Original Advisory: https://www.isc.org/software/bind/advisories/cve-2010-3615
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org