CVE-2017-3142

MEDIUM

Description

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

References

http://www.securityfocus.com/bid/99339

http://www.securitytracker.com/id/1038809

https://access.redhat.com/errata/RHSA-2017:1679

https://access.redhat.com/errata/RHSA-2017:1680

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us

https://kb.isc.org/docs/aa-01504

https://security.netapp.com/advisory/ntap-20190830-0003/

https://www.debian.org/security/2017/dsa-3904

Details

Source: MITRE

Published: 2019-01-16

Updated: 2019-08-30

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 2.2

Severity: LOW

Vulnerable Software

Configuration 1

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.4.0 to 9.8.8 (inclusive)

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.9.0 to 9.9.10 (inclusive)

cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.10.0 to 9.10.5 (inclusive)

cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.11.0 to 9.11.1 (inclusive)

cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (37 total)

ID	Name	Product	Family	Severity
137170	OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)	Nessus	OracleVM Local Security Checks	critical
127330	NewStart CGSL MAIN 4.05 : bind Multiple Vulnerabilities (NS-SA-2019-0102)	Nessus	NewStart CGSL Local Security Checks	medium
124936	EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)	Nessus	Huawei Local Security Checks	medium
121068	Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)	Nessus	Junos Local Security Checks	high
119217	Virtuozzo 6 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1679)	Nessus	Virtuozzo Local Security Checks	medium
112170	OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252)	Nessus	OracleVM Local Security Checks	medium
105442	F5 Networks BIG-IP : BIND vulnerability (K59448931)	Nessus	F5 Networks Local Security Checks	medium
104579	Virtuozzo 7 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1680)	Nessus	Virtuozzo Local Security Checks	medium
103319	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : bind9 regression (USN-3346-2)	Nessus	Ubuntu Local Security Checks	medium
102822	AIX bind Advisory : bind_advisory16.asc (IV98826) (IV98827)	Nessus	AIX Local Security Checks	high
102388	Fedora 24 : 12:dhcp / bind99 (2017-59127a606c)	Nessus	Fedora Local Security Checks	medium
102228	EulerOS 2.0 SP2 : bind (EulerOS-SA-2017-1141)	Nessus	Huawei Local Security Checks	medium
102227	EulerOS 2.0 SP1 : bind (EulerOS-SA-2017-1140)	Nessus	Huawei Local Security Checks	medium
101933	Amazon Linux AMI : bind (ALAS-2017-858)	Nessus	Amazon Linux Local Security Checks	medium
101677	Fedora 26 : 12:dhcp / bind99 (2017-87f1f8c798)	Nessus	Fedora Local Security Checks	medium
101603	Fedora 26 : 32:bind (2017-30f678e62a)	Nessus	Fedora Local Security Checks	medium
101536	Debian DLA-1025-1 : bind9 security update	Nessus	Debian Local Security Checks	medium
101494	Fedora 24 : 32:bind / bind-dyndb-ldap / dnsperf (2017-001f135337)	Nessus	Fedora Local Security Checks	medium
101326	Fedora 25 : 12:dhcp / bind99 (2017-167cfa7b09)	Nessus	Fedora Local Security Checks	medium
101322	Debian DSA-3904-1 : bind9 - security update	Nessus	Debian Local Security Checks	medium
101280	openSUSE Security Update : bind (openSUSE-2017-783)	Nessus	SuSE Local Security Checks	medium
101257	Scientific Linux Security Update : bind on SL7.x x86_64 (20170705)	Nessus	Scientific Linux Local Security Checks	medium
101256	Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20170705)	Nessus	Scientific Linux Local Security Checks	medium
101254	RHEL 7 : bind (RHSA-2017:1680)	Nessus	Red Hat Local Security Checks	medium
101253	RHEL 6 : bind (RHSA-2017:1679)	Nessus	Red Hat Local Security Checks	medium
101252	OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0122)	Nessus	OracleVM Local Security Checks	medium
101250	Oracle Linux 7 : bind (ELSA-2017-1680)	Nessus	Oracle Linux Local Security Checks	medium
101249	Oracle Linux 6 : bind (ELSA-2017-1679)	Nessus	Oracle Linux Local Security Checks	medium
101246	Fedora 25 : 32:bind / bind-dyndb-ldap / dnsperf (2017-d04f7ddd73)	Nessus	Fedora Local Security Checks	medium
101236	CentOS 7 : bind (CESA-2017:1680)	Nessus	CentOS Local Security Checks	medium
101235	CentOS 6 : bind (CESA-2017:1679)	Nessus	CentOS Local Security Checks	medium
101232	ISC BIND 9 < 9.9.10-P2 / 9.9.10-S3 / 9.10.5-P2 / 9.10.5-S3 / 9.11.1-P2 Multiple Vulnerabilities	Nessus	DNS	medium
101157	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : bind9 vulnerabilities (USN-3346-1)	Nessus	Ubuntu Local Security Checks	medium
101147	SUSE SLES12 Security Update : bind (SUSE-SU-2017:1738-1)	Nessus	SuSE Local Security Checks	medium
101146	SUSE SLES11 Security Update : bind (SUSE-SU-2017:1737-1)	Nessus	SuSE Local Security Checks	medium
101145	SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:1736-1)	Nessus	SuSE Local Security Checks	medium
101116	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-180-02)	Nessus	Slackware Local Security Checks	medium