exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2017-3142

Status Candidate

Overview

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

Related Files

Ubuntu Security Notice USN-3346-3
Posted Nov 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-3 - USN-3346-1 and USN-3346-2 fixed two vulnerabilities in Bind and a regression, respectively. This update provides the corresponding update for Ubuntu 12.04 ESM. Clément Berthaux discovered that Bind did not correctly check TSIG A authentication for zone update requests. An attacker could use this A to improperly perform zone updates. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | 0b4c39cc93baef5636624dee4c10c7c58448981339cef25992ca819b138ac27a
Ubuntu Security Notice USN-3346-2
Posted Sep 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-2 - USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing key. Various other issues were also addressed.

tags | advisory, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | ba269e77b4f4595013c6acdfe974b0ae07d2337e57573df22af9751fa9d7abda
HPE Security Bulletin HPESBUX03772 1
Posted Sep 7, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBUX03772 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to allow Denial of Service (DoS), and unauthorized read access to data. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2017-3140, CVE-2017-3142, CVE-2017-3143
SHA-256 | d052d1d36421886aa892f783d7c2fcc936d36c83861414f591ccae68affbfb54
Debian Security Advisory 3904-1
Posted Jul 8, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3904-1 - ClA(c)ment Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | e68501e7faceaa57c1986d8bb4e0bb5e463c44ffc517d95422101b0a852c6a77
Red Hat Security Advisory 2017-1680-01
Posted Jul 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1680-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG signature for a dynamic update request.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | ae6f1d26e065f8c55d963620aa808f7d613ede3c6c4756db295cb2df8c1ef7a0
Red Hat Security Advisory 2017-1679-01
Posted Jul 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1679-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG signature for a dynamic update request.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | 3ebff34db87fde92646e5a398e546eebc9e1e0a93bcbd0c13de2e9b93373c4c0
Ubuntu Security Notice USN-3346-1
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-1 - Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | 8c0a85a29d7e094864d1ecfcffae3ea3162517bb7e02a399d5a29154df774192
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close