Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3141

CWE-4288 documents8 sources

Severity

7.8HIGH

EPSS

3.1%

top 13.19%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

ISC Bind ISC Bind 9

Timeline

PublishedJan 16

Latest updateMay 13

Description

The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 0.6 | Impact: 6.0

Affected Packages3 packages

▶Alpinebind< 9.11.3-r0+1

▶NVDisc/bind9.2.6 — 9.2.9+7

▶CVEListV5isc/bind_99.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1

🔴Vulnerability Details

GHSA

GHSA-6j28-2p63-cr4r: The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system perm↗2022-05-13

▶

CVEList

Windows service and uninstall paths are not quoted when BIND is installed↗2019-01-16

▶

OSV

CVE-2017-3141: The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system perm↗2019-01-16

▶

💥Exploits & PoCs

Exploit-DB

BIND 9.10.5 - Unquoted Service Path Privilege Escalation↗2017-06-05

▶

📋Vendor Advisories

Red Hat

bind: BIND installer on Windows uses an unquoted service path which allows privilege escalation↗2017-06-14

▶

Debian

CVE-2017-3141: bind9 - The BIND installer on Windows uses an unquoted service path which can enable a l...↗2017

▶

💬Community

Bugzilla

CVE-2017-3141 bind: BIND installer on Windows uses an unquoted service path which allows privilege escalation↗2017-06-14

▶