CVE-2017-3142

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

References

http://www.securityfocus.com/bid/99339

http://www.securitytracker.com/id/1038809

https://access.redhat.com/errata/RHSA-2017:1679

https://access.redhat.com/errata/RHSA-2017:1680

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us

https://kb.isc.org/docs/aa-01504

https://security.netapp.com/advisory/ntap-20190830-0003/

https://www.debian.org/security/2017/dsa-3904

Details

Source: MITRE

Published: 2019-01-16

Updated: 2019-08-30

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 2.2

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.4.0 to 9.8.8 (inclusive)

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.9.0 to 9.9.10 (inclusive)

cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.10.0 to 9.10.5 (inclusive)

cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.11.0 to 9.11.1 (inclusive)

cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (37 total)

IDNameProductFamilySeverity
137170OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)NessusOracleVM Local Security Checks
high
127330NewStart CGSL MAIN 4.05 : bind Multiple Vulnerabilities (NS-SA-2019-0102)NessusNewStart CGSL Local Security Checks
medium
124936EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)NessusHuawei Local Security Checks
medium
121068Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)NessusJunos Local Security Checks
high
119217Virtuozzo 6 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1679)NessusVirtuozzo Local Security Checks
medium
112170OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252)NessusOracleVM Local Security Checks
high
105442F5 Networks BIG-IP : BIND vulnerability (K59448931)NessusF5 Networks Local Security Checks
low
104579Virtuozzo 7 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1680)NessusVirtuozzo Local Security Checks
low
103319Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : bind9 regression (USN-3346-2)NessusUbuntu Local Security Checks
medium
102822AIX bind Advisory : bind_advisory16.asc (IV98826) (IV98827)NessusAIX Local Security Checks
high
102388Fedora 24 : 12:dhcp / bind99 (2017-59127a606c)NessusFedora Local Security Checks
medium
102228EulerOS 2.0 SP2 : bind (EulerOS-SA-2017-1141)NessusHuawei Local Security Checks
low
102227EulerOS 2.0 SP1 : bind (EulerOS-SA-2017-1140)NessusHuawei Local Security Checks
low
101933Amazon Linux AMI : bind (ALAS-2017-858)NessusAmazon Linux Local Security Checks
medium
101677Fedora 26 : 12:dhcp / bind99 (2017-87f1f8c798)NessusFedora Local Security Checks
medium
101603Fedora 26 : 32:bind (2017-30f678e62a)NessusFedora Local Security Checks
medium
101536Debian DLA-1025-1 : bind9 security updateNessusDebian Local Security Checks
medium
101494Fedora 24 : 32:bind / bind-dyndb-ldap / dnsperf (2017-001f135337)NessusFedora Local Security Checks
medium
101326Fedora 25 : 12:dhcp / bind99 (2017-167cfa7b09)NessusFedora Local Security Checks
medium
101322Debian DSA-3904-1 : bind9 - security updateNessusDebian Local Security Checks
medium
101280openSUSE Security Update : bind (openSUSE-2017-783)NessusSuSE Local Security Checks
medium
101257Scientific Linux Security Update : bind on SL7.x x86_64 (20170705)NessusScientific Linux Local Security Checks
medium
101256Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20170705)NessusScientific Linux Local Security Checks
medium
101254RHEL 7 : bind (RHSA-2017:1680)NessusRed Hat Local Security Checks
medium
101253RHEL 6 : bind (RHSA-2017:1679)NessusRed Hat Local Security Checks
medium
101252OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0122)NessusOracleVM Local Security Checks
medium
101250Oracle Linux 7 : bind (ELSA-2017-1680)NessusOracle Linux Local Security Checks
medium
101249Oracle Linux 6 : bind (ELSA-2017-1679)NessusOracle Linux Local Security Checks
medium
101246Fedora 25 : 32:bind / bind-dyndb-ldap / dnsperf (2017-d04f7ddd73)NessusFedora Local Security Checks
medium
101236CentOS 7 : bind (CESA-2017:1680)NessusCentOS Local Security Checks
medium
101235CentOS 6 : bind (CESA-2017:1679)NessusCentOS Local Security Checks
medium
101232ISC BIND 9 < 9.9.10-P2 / 9.9.10-S3 / 9.10.5-P2 / 9.10.5-S3 / 9.11.1-P2 Multiple VulnerabilitiesNessusDNS
medium
101157Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : bind9 vulnerabilities (USN-3346-1)NessusUbuntu Local Security Checks
medium
101147SUSE SLES12 Security Update : bind (SUSE-SU-2017:1738-1)NessusSuSE Local Security Checks
medium
101146SUSE SLES11 Security Update : bind (SUSE-SU-2017:1737-1)NessusSuSE Local Security Checks
medium
101145SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:1736-1)NessusSuSE Local Security Checks
medium
101116Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-180-02)NessusSlackware Local Security Checks
medium