Twenty Year Anniversary
Showing 1 - 7 of 7 RSS Feed

CVE-2017-3142

Status Candidate

Overview

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Related Files

Ubuntu Security Notice USN-3346-3
Posted Nov 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-3 - USN-3346-1 and USN-3346-2 fixed two vulnerabilities in Bind and a regression, respectively. This update provides the corresponding update for Ubuntu 12.04 ESM. Clément Berthaux discovered that Bind did not correctly check TSIG A authentication for zone update requests. An attacker could use this A to improperly perform zone updates. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
MD5 | 8c283ecd7b6c2e7e25bd7b8dbbf59cd7
Ubuntu Security Notice USN-3346-2
Posted Sep 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-2 - USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing key. Various other issues were also addressed.

tags | advisory, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
MD5 | 6f82feb480bd6612b9d8ced44919b34e
HP Security Bulletin HPESBUX03772 1
Posted Sep 7, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBUX03772 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to allow Denial of Service (DoS), and unauthorized read access to data. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2017-3140, CVE-2017-3142, CVE-2017-3143
MD5 | 3575462c925b1a3c40d32dfadb28087c
Debian Security Advisory 3904-1
Posted Jul 8, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3904-1 - ClA(c)ment Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-3142, CVE-2017-3143
MD5 | 614af9c12cc1f45c436a7ec95a3703db
Red Hat Security Advisory 2017-1680-01
Posted Jul 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1680-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG signature for a dynamic update request.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-3142, CVE-2017-3143
MD5 | cdacd179908a42903295f16f15da3b9a
Red Hat Security Advisory 2017-1679-01
Posted Jul 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1679-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG signature for a dynamic update request.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-3142, CVE-2017-3143
MD5 | 82d93746aa9b35a9eebb7c0f5c028c07
Ubuntu Security Notice USN-3346-1
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-1 - Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
MD5 | 64ba1a86998e890e6e111e8ae95e7d42
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    17 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close