CVE-2001-0497 Information

Description

dnskeygen in BIND 8.2.4 and earlier and dnssec-keygen in BIND 9.1.2 and earlier set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG) which allows attackers to obtain the keys and perform dynamic DNS updates.

Reference

http://www.osvdb.org/5609 http://xforce.iss.net/alerts/advise78.php https://exchange.xforce.ibmcloud.com/vulnerabilities/6694