CVE-2017-3141HIGH
Description
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.
References
http://www.securityfocus.com/bid/99089
http://www.securitytracker.com/id/1038693
https://kb.isc.org/docs/aa-01496
https://security.gentoo.org/glsa/201708-01
Details
Source: MITRE
Published: 2019-01-16
Updated: 2019-10-09
Type: CWE-428
Risk Information
CVSS v2.0
Base Score: 7.2
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.9
Severity: HIGH
CVSS v3.0
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.2.6 to 9.2.9 (inclusive)
cpe:2.3:a:isc:bind:9.2.6:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.3.2 to 9.3.6 (inclusive)
cpe:2.3:a:isc:bind:9.3.2:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.4.0 to 9.8.8 (inclusive)
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.9.0 to 9.9.10 (inclusive)
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.10.0 to 9.10.5 (inclusive)
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.11.0 to 9.11.1 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 102531 | GLSA-201708-01 : BIND: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 100996 | ISC BIND 9.x.x < 9.9.10-P1 / 9.10.x < 9.10.5-P1 / 9.11.x < 9.11.1-P1 Multiple Vulnerabilities | Nessus | DNS | high |