[Original text] dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for an HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
ISC BIND 8.2.4 and earlier and ISC BIND 9.1.2 and earlier contain a flaw in two helper programs that may lead to unauthorized information disclosure. The issue is triggered when the dnskeygen utility (BIND 8) or the dnssec-keygen utility (BIND 9) is used to generate key files used in secure communications. The files are not created with sufficiently restrictive permissions, which discloses the shared secret keys. These keys can be used to make dynamic updates to the BIND server, resulting in a loss of integrity.
Upgrade to version 8.3 or higher for BIND 8, or 9.1.3rc1 or higher for BIND 9, as these releases have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
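
To find key files already written with the permissions described above, the following audit check lists any that are accessible to group or other. It is an added example, not part of the advisory or of ISC's tooling; the function names are hypothetical, and it assumes the `K<name>.+<alg>+<id>.key` / `.private` file naming produced by dnskeygen and dnssec-keygen.

```shell
#!/bin/sh
# Added audit example; not from the advisory or from ISC.
# Assumption: key files are named K<name>.+<alg>+<id>.key and .private.
# For a shared-secret (HMAC-MD5) key, both files hold the secret.

# list_exposed_keys DIR
# Print every key file under DIR whose mode grants any access
# (read, write or execute) to group or other.
list_exposed_keys() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type f -name 'K*' \
        \( -name '*.private' -o -name '*.key' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -print | sort
}

# audit_keys DIR
# Return 0 if no key file is exposed, 1 if at least one is,
# 2 if DIR cannot be scanned. Details go to stderr.
audit_keys() {
    exposed=$(list_exposed_keys "$1") || return 2
    if [ -n "$exposed" ]; then
        echo "TSIG key files accessible beyond their owner:" >&2
        echo "$exposed" | while IFS= read -r f; do
            ls -l "$f" >&2
        done
        return 1
    fi
    return 0
}
```

Run `audit_keys` against each directory in which keys were generated; any file it reports held a secret that other local accounts could read.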