exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2017-3142

Status Candidate

Overview

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

Related Files

Ubuntu Security Notice USN-3346-3
Posted Nov 8, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-3 - USN-3346-1 and USN-3346-2 fixed two vulnerabilities in Bind and a regression, respectively. This update provides the corresponding update for Ubuntu 12.04 ESM. Clément Berthaux discovered that Bind did not correctly check TSIG A authentication for zone update requests. An attacker could use this A to improperly perform zone updates. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | 0b4c39cc93baef5636624dee4c10c7c58448981339cef25992ca819b138ac27a
Ubuntu Security Notice USN-3346-2
Posted Sep 18, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-2 - USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing key. Various other issues were also addressed.

tags | advisory, root, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | ba269e77b4f4595013c6acdfe974b0ae07d2337e57573df22af9751fa9d7abda
HPE Security Bulletin HPESBUX03772 1
Posted Sep 7, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBUX03772 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to allow Denial of Service (DoS), and unauthorized read access to data. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2017-3140, CVE-2017-3142, CVE-2017-3143
SHA-256 | d052d1d36421886aa892f783d7c2fcc936d36c83861414f591ccae68affbfb54
Debian Security Advisory 3904-1
Posted Jul 8, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3904-1 - ClA(c)ment Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | e68501e7faceaa57c1986d8bb4e0bb5e463c44ffc517d95422101b0a852c6a77
Red Hat Security Advisory 2017-1680-01
Posted Jul 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1680-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG signature for a dynamic update request.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | ae6f1d26e065f8c55d963620aa808f7d613ede3c6c4756db295cb2df8c1ef7a0
Red Hat Security Advisory 2017-1679-01
Posted Jul 5, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1679-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG signature for a dynamic update request.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | 3ebff34db87fde92646e5a398e546eebc9e1e0a93bcbd0c13de2e9b93373c4c0
Ubuntu Security Notice USN-3346-1
Posted Jun 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3346-1 - Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2017-3142, CVE-2017-3143
SHA-256 | 8c0a85a29d7e094864d1ecfcffae3ea3162517bb7e02a399d5a29154df774192
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close