PT-2001-1707 · Isc · Bind

Published: 2001-07-21 · Updated: 2024-02-08 · CVE-2001-0497

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: BIND versions 8.2.4 and earlier; BIND versions 9.1.2 and earlier
Description: The issue allows attackers to obtain HMAC-MD5 shared secret keys used for DNS Transactional Signatures (TSIG) due to insecure permissions set by dnskeygen in BIND 8 and dnssec-keygen in BIND 9. This could enable attackers to perform dynamic DNS updates.
Recommendations: For BIND versions 8.2.4 and earlier, update the permissions of the HMAC-MD5 shared secret key file to secure it. For BIND versions 9.1.2 and earlier, update the permissions of the HMAC-MD5 shared secret key file to secure it. As a temporary workaround, consider restricting access to the dnssec-keygen and dnskeygen tools until a patch is available.
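The permission check and fix recommended above can be scripted. The following is an added example, not part of the original advisory or of BIND itself. It assumes the key files follow the `K<name>.+157+<id>.key` / `.private` naming written by the key generation tools (157 is the HMAC-MD5 algorithm number); the function names, file names and scratch directory are hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on TSIG key files.
# Assumption: keys use the K<name>.+157+<id>.{key,private} naming
# (157 = HMAC-MD5). For HMAC keys both files hold the shared secret,
# so both must be unreadable to group and other.

# Print every HMAC-MD5 key file under $1 that has any group/other bit set.
audit_tsig_keys() {
    find "$1" -type f \( -name 'K*.+157+*.key' -o -name 'K*.+157+*.private' \) \
        \( -perm -0040 -o -perm -0020 -o -perm -0010 \
           -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Restrict every HMAC-MD5 key file under $1 to owner read/write only.
fix_tsig_keys() {
    find "$1" -type f \( -name 'K*.+157+*.key' -o -name 'K*.+157+*.private' \) \
        -exec chmod 600 {} +
}

# Demo on constructed files in a scratch directory (not real keys).
demo() {
    d=$(mktemp -d) || return 1
    for f in 'Kupdate.example.+157+12345.key' 'Kupdate.example.+157+12345.private'; do
        printf 'constructed placeholder, not a real secret\n' > "$d/$f"
        chmod 644 "$d/$f"   # simulate the insecure default
    done
    echo "Before:"; audit_tsig_keys "$d"
    fix_tsig_keys "$d"
    echo "After: $(audit_tsig_keys "$d" | wc -l) exposed file(s)"
    rm -rf "$d"
}

demo
```

Point `audit_tsig_keys` at the directory where the keys were generated; the account that runs named must own the files for mode 600 to leave them usable.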

Fix

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers: CVE-2001-0497

Affected Products: Bind