Fix for CVE-2006-2073

2011-10-18 Thread Florian Weimer
I've noticed that nobody seems to have accurate information about CVE-2006-2073 on file. This was a vulnerability in handling TSIG-based authentication *after* authentication, so it wasn't a high priority issue. What was the first BIND version that fixed it?

Re: Fix for CVE-2006-2073

2011-10-18 Thread Mark Andrews
In message <87k482kw0l@mid.deneb.enyo.de>, Florian Weimer writes:
> I've noticed that nobody seems to have accurate information about
> CVE-2006-2073 on file. This was a vulnerability in handling
> TSIG-based authentication *after* authentication, so it wasn't a high
> priority issue.

Actual

Re: Fix for CVE-2006-2073

2011-10-19 Thread Florian Weimer
* Mark Andrews:
> Access Vector: Network exploitable
> Access Complexity: Low
> Authentication: Not required to exploit
> Impact Type:Allows disruption of service
>
> I fail to see how this could ever have been classified as
> Access Complexity: Low.

I believe the CVSS scoring for those old entri