CVE-2017-3142
Severity
3.7 LOW
EPSS
5.0%
top 10.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 16
Latest update: May 14
Description
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages (7 packages)
CVEListV5: isc/bind_9: 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.3, 7.4, 7.6, 7.5
Vulnerability Details (5)
GHSA
GHSA-jhf7-373h-xx92: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circ (2022-05-14)
OSV
CVE-2017-3142: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circ (2019-01-16)
Vendor Advisories (5)
Debian
CVE-2017-3142: bind9 - An attacker who is able to send and receive messages to an authoritative DNS ser... (2017)
Community (3)
Bugzilla
CVE-2017-3142 bind: An error in TSIG authentication can permit unauthorized zone transfers [fedora-all] (2017-06-30)
Bugzilla
CVE-2017-3142 bind99: bind: An error in TSIG authentication can permit unauthorized zone transfers [fedora-all] (2017-06-30)
Bugzilla
CVE-2017-3142 bind: An error in TSIG authentication can permit unauthorized zone transfers (2017-06-29)