CVE-2010-3615

NameCVE-2010-3615
Descriptionnamed in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs605876

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)stretch1:9.10.3.dfsg.P4-12.3+deb9u6fixed
stretch (security)1:9.10.3.dfsg.P4-12.3+deb9u8fixed
buster, buster (security)1:9.11.5.P4+dfsg-5.1+deb10u3fixed
bullseye, sid1:9.16.13-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9sourcelenny(not affected)
bind9source(unstable)1:9.7.2.dfsg.P3-1605876

Notes

[lenny] - bind9 <not-affected> (Doesn't affect 9.6 ESV)
http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html

Search for package or bug name: Reporting problems