* Mark Andrews:

> Access Vector: Network exploitable
> Access Complexity: Low
> Authentication: Not required to exploit
> Impact Type:Allows disruption of service
>
> I fail to see how this could ever have been classified as
> Access Complexity: Low.

I believe the CVSS scoring for those old entries was generated
semi-automatically.  There's also very little public information
available about this issue.

> Looking at the CVE it looks like this bug fix contains the correction.
>
> 2013.   [bug]           Handle unexpected TSIGs on unsigned AXFR/IXFR
>                         responses more gracefully. [RT #15941]
>
>> What was the first BIND version that fixed it?
>
> 9.2.7, 9.3.3, 9.4.0.

Thanks, this is helpful.  I've adjusted Debian's records.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to