CVE-2001-0497

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

Date published : 2002-03-09

http://xforce.iss.net/alerts/advise78.php

http://www.osvdb.org/5609