Created
June 29, 2017 21:04
CVE bind9
CVE: CVE-2017-3142
Document Version: 2.0
Posting date: 29 June 2017
Program Impacted: BIND
Versions affected: 9.4.0 -> 9.8.8, 9.9.0 -> 9.9.10-P1, 9.10.0 -> 9.10.5-P1,
                   9.11.0 -> 9.11.1-P1, 9.9.3-S1 -> 9.9.10-S2,
                   9.10.5-S1 -> 9.10.5-S2
Severity: Medium
Exploitable: Remotely

Description:

An attacker who is able to send and receive messages to an
authoritative DNS server and who has knowledge of a valid TSIG
key name may be able to circumvent TSIG authentication of AXFR
requests via a carefully constructed request packet. A server
that relies solely on TSIG keys for protection with no other ACL
protection could be manipulated into:

- providing an AXFR of a zone to an unauthorized recipient
- accepting bogus NOTIFY packets

Impact:

An unauthorized AXFR (full zone transfer) permits an attacker
to view the entire contents of a zone. Protection of zone
contents is often a commercial or business requirement.

If accepted, a NOTIFY sets the zone refresh interval to 'now'.
If there is not already a refresh cycle in progress then named
will initiate one by asking for the SOA RR from its list of
masters. If there is already a refresh cycle in progress, then
named will queue the new refresh request. If there is already
a queued refresh request, the new NOTIFY will be discarded.
Bogus notifications can't be used to force a zone transfer from
a malicious server, but could trigger a high rate of zone refresh
cycles.

CVSS Score: 5.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

# ----------------------------------------------------------------

CVE: CVE-2017-3143
Document Version: 2.0
Posting date: 29 June 2017
Program Impacted: BIND
Versions affected: 9.4.0 -> 9.8.8, 9.9.0 -> 9.9.10-P1, 9.10.0 -> 9.10.5-P1,
                   9.11.0 -> 9.11.1-P1, 9.9.3-S1 -> 9.9.10-S2,
                   9.10.5-S1 -> 9.10.5-S2
Severity: High
Exploitable: Remotely

Description:

An attacker who is able to send and receive messages to an
authoritative DNS server and who has knowledge of a valid TSIG
key name for the zone and service being targeted may be able
to manipulate BIND into accepting an unauthorized dynamic update.

Impact:

A server that relies solely on TSIG keys with no other address-based
ACL protection could be vulnerable to malicious zone content
manipulation using this technique.

CVSS Score: 7.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
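
Both advisories list the same "Versions affected" ranges. The following is an added example, not part of the advisory or of ISC's tooling, that checks a BIND version string against those ranges. It assumes that a -Pn release sorts after its base release, that -Sn releases are a separate track compared only against the -S ranges, and it reports every other format as unknown; the host names and inventory are constructed.

```python
import re

# Affected ranges as listed in the advisory text, inclusive at both ends.
MAINLINE = [("9.4.0", "9.8.8"), ("9.9.0", "9.9.10-P1"),
            ("9.10.0", "9.10.5-P1"), ("9.11.0", "9.11.1-P1")]
PREVIEW = [("9.9.3-S1", "9.9.10-S2"), ("9.10.5-S1", "9.10.5-S2")]

# Handles only X.Y.Z, X.Y.Z-Pn and X.Y.Z-Sn (assumption: other forms are skipped).
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([PS])(\d+))?$")


def parse(version):
    """Return (track, sort_key), or None if the format is not handled here."""
    m = _VERSION.match(version.strip())
    if m is None:
        return None
    major, minor, patch, kind, n = m.groups()
    track = "preview" if kind == "S" else "mainline"
    # A plain release gets 0 so that X.Y.Z < X.Y.Z-P1 < X.Y.Z-P2.
    return track, (int(major), int(minor), int(patch), int(n or 0))


def affected(version):
    """True or False for a parsed version, None when it must be checked by hand."""
    parsed = parse(version)
    if parsed is None:
        return None
    track, key = parsed
    ranges = PREVIEW if track == "preview" else MAINLINE
    return any(parse(lo)[1] <= key <= parse(hi)[1] for lo, hi in ranges)


def audit(inventory):
    """Map each host to a status label based on its reported version."""
    labels = {True: "in affected range", False: "outside listed ranges",
              None: "check manually"}
    return {host: labels[affected(ver)] for host, ver in inventory.items()}


# Constructed inventory: hypothetical host names with sample version strings.
SAMPLE = {"ns1.example": "9.10.5-P1", "ns2.example": "9.11.1-P2",
          "ns3.example": "9.9.10-S2", "ns4.example": "9.9.5-3ubuntu0.14"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Version strings from distribution packages often carry backported fixes and extra suffixes, which is why anything outside the three handled forms is returned as "check manually" rather than guessed.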