The Berkeley Internet Name Daemon (BIND) is a freely available, open source name server daemon maintained by the Internet Software Consortium (ISC). BIND is commonly used on Linux and Unix operating systems.

The implementation of BIND 9 included with Mandrake does not use secure permissions on files containing sensitive information. Under some circumstances, it may be possible for a local user to read the contents of the /etc/rndc.conf file, which contains sensitive information such as cryptographic passphrases and domain authority information. The same permissions problem applies to the /etc/rndc.key file. Additionally, users may execute the rndc-confgen and rndc programs, which could present potential security problems such as the generation of malicious DNS configuration files.
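An administrator can check a host for the condition described above with a short audit script. This is an added example, not part of the original advisory or of any vendor tooling; the /usr/sbin locations of rndc and rndc-confgen are assumptions and can be overridden with arguments.

```shell
#!/bin/sh
# Added example: audit the files named in the advisory for access by "other" users.
# Default binary paths under /usr/sbin are assumptions; pass your own as arguments.

# has_other_bit PATH BIT: succeeds if the "other" permission bit is set
# (BIT is octal: 4 = read, 2 = write, 1 = execute). Symlinks are followed.
has_other_bit() {
    [ -n "$(find -L "$1" -prune -perm -00"$2" 2>/dev/null)" ]
}

# audit_secret PATH: a file holding key material must not be readable or
# writable by other users. Returns 1 on a finding, 0 if clean or absent.
audit_secret() {
    [ -e "$1" ] || { echo "SKIP  $1 (not present)"; return 0; }
    if has_other_bit "$1" 4 || has_other_bit "$1" 2; then
        echo "FAIL  $1 is readable or writable by other users"
        return 1
    fi
    echo "OK    $1"
}

# audit_tool PATH: flags control utilities that any local user may execute,
# which is the second concern the advisory raises.
audit_tool() {
    [ -e "$1" ] || { echo "SKIP  $1 (not present)"; return 0; }
    if has_other_bit "$1" 1; then
        echo "FAIL  $1 is executable by any local user"
        return 1
    fi
    echo "OK    $1"
}

# audit_rndc [CONF KEY RNDC CONFGEN]: runs all four checks, returns 1 if any failed.
audit_rndc() {
    rc=0
    audit_secret "${1:-/etc/rndc.conf}"        || rc=1
    audit_secret "${2:-/etc/rndc.key}"         || rc=1
    audit_tool   "${3:-/usr/sbin/rndc}"        || rc=1
    audit_tool   "${4:-/usr/sbin/rndc-confgen}" || rc=1
    return $rc
}

audit_rndc "$@" || echo "One or more findings above need attention."
```

A FAIL on either file is cleared by removing access for other users (for example `chmod o-rwx` on that file), after confirming the account that runs named can still read it.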