* Mark Andrews: > Access Vector: Network exploitable > Access Complexity: Low > Authentication: Not required to exploit > Impact Type:Allows disruption of service > > I fail to see how this could ever have been classified as > Access Complexity: Low.
I believe the CVSS scoring for those old entries was generated semi-automatically. There's also very little public information available about this issue. > Looking at the CVE it looks like this bug fix contains the correction. > > 2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR > responses more gracefully. [RT #15941] > >> What was the first BIND version that fixed it? > > 9.2.7, 9.3.3, 9.4.0. Thanks, this is helpful. I've adjusted Debian's records. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users