CVE-2017-3143
Severity
5.9MEDIUM
EPSS
26.9%
top 3.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 16
Latest updateMay 13
Description
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages7 packages
▶CVEListV5isc/bind_99.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 7.3, 7.4, 7.6, 7.5
🔴Vulnerability Details
5GHSA▶
GHSA-jxfm-jqx8-8h25: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and se↗2022-05-13
OSV▶
CVE-2017-3143: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and se↗2019-01-16
📋Vendor Advisories
4💬Community
3Bugzilla▶
CVE-2017-3143 bind: An error in TSIG authentication can permit unauthorized dynamic updates [fedora-all]↗2017-06-30
Bugzilla▶
CVE-2017-3143 bind99: bind: An error in TSIG authentication can permit unauthorized dynamic updates [fedora-all]↗2017-06-30
Bugzilla▶
CVE-2017-3143 bind: An error in TSIG authentication can permit unauthorized dynamic updates↗2017-06-29