ID CVE-2017-3143
Summary An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
References
Vulnerable Configurations
  • ISC BIND 9.4.0
    cpe:2.3:a:isc:bind:9.4.0
  • ISC BIND 9.4.0 Alpha 1
    cpe:2.3:a:isc:bind:9.4.0:a1
  • ISC BIND 9.4.0 Alpha 2
    cpe:2.3:a:isc:bind:9.4.0:a2
  • ISC BIND 9.4.0 Alpha 3
    cpe:2.3:a:isc:bind:9.4.0:a3
  • ISC BIND 9.4.0 Alpha 4
    cpe:2.3:a:isc:bind:9.4.0:a4
  • ISC BIND 9.4.0 Alpha 5
    cpe:2.3:a:isc:bind:9.4.0:a5
  • ISC BIND 9.4.0 Alpha 6
    cpe:2.3:a:isc:bind:9.4.0:a6
  • ISC BIND 9.4.0 Beta 1
    cpe:2.3:a:isc:bind:9.4.0:b1
  • ISC BIND 9.4.0 Beta 2
    cpe:2.3:a:isc:bind:9.4.0:b2
  • ISC BIND 9.4.0 Beta 3
    cpe:2.3:a:isc:bind:9.4.0:b3
  • ISC BIND 9.4.0 Beta 4
    cpe:2.3:a:isc:bind:9.4.0:b4
  • ISC BIND 9.4.0rc1
    cpe:2.3:a:isc:bind:9.4.0:rc1
  • ISC BIND 9.4.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.4.0:rc2
  • ISC BIND 9.4.0a1
    cpe:2.3:a:isc:bind:9.4.0a1
  • ISC BIND 9.4.0a2
    cpe:2.3:a:isc:bind:9.4.0a2
  • ISC BIND 9.4.0a3
    cpe:2.3:a:isc:bind:9.4.0a3
  • ISC BIND 9.4.0a4
    cpe:2.3:a:isc:bind:9.4.0a4
  • ISC BIND 9.4.0a5
    cpe:2.3:a:isc:bind:9.4.0a5
  • ISC BIND 9.4.0a6
    cpe:2.3:a:isc:bind:9.4.0a6
  • ISC BIND 9.4.0b1
    cpe:2.3:a:isc:bind:9.4.0b1
  • ISC BIND 9.4.0b2
    cpe:2.3:a:isc:bind:9.4.0b2
  • ISC BIND 9.4.0b3
    cpe:2.3:a:isc:bind:9.4.0b3
  • ISC BIND 9.4.0b4
    cpe:2.3:a:isc:bind:9.4.0b4
  • ISC BIND 9.4.1
    cpe:2.3:a:isc:bind:9.4.1
  • ISC BIND 9.4.2
    cpe:2.3:a:isc:bind:9.4.2
  • ISC BIND 9.4.2 Patch 2 W1
    cpe:2.3:a:isc:bind:9.4.2:p2_w1
  • ISC BIND 9.4.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.4.2:rc1
  • ISC BIND 9.4.2 Release Candidate 2
    cpe:2.3:a:isc:bind:9.4.2:rc2
  • ISC BIND 9.4.3
    cpe:2.3:a:isc:bind:9.4.3
  • ISC BIND 9.4.3 Beta 1
    cpe:2.3:a:isc:bind:9.4.3:b1
  • ISC BIND 9.4.3 Beta 2
    cpe:2.3:a:isc:bind:9.4.3:b2
  • ISC BIND 9.4.3 Beta 3
    cpe:2.3:a:isc:bind:9.4.3:b3
  • ISC BIND 9.4.3 Patch 1
    cpe:2.3:a:isc:bind:9.4.3:p1
  • ISC BIND 9.4.3 Patch 2
    cpe:2.3:a:isc:bind:9.4.3:p2
  • ISC BIND 9.4.3 Patch 3
    cpe:2.3:a:isc:bind:9.4.3:p3
  • ISC BIND 9.4.3 Patch 4
    cpe:2.3:a:isc:bind:9.4.3:p4
  • ISC BIND 9.4.3 Patch 5
    cpe:2.3:a:isc:bind:9.4.3:p5
  • ISC BIND 9.4.3 rc1
    cpe:2.3:a:isc:bind:9.4.3:rc1
  • ISC BIND 9.4.3b1
    cpe:2.3:a:isc:bind:9.4.3b1
  • ISC BIND 9.4.3b2
    cpe:2.3:a:isc:bind:9.4.3b2
  • ISC BIND 9.4.3b3
    cpe:2.3:a:isc:bind:9.4.3b3
  • ISC BIND 9.5
    cpe:2.3:a:isc:bind:9.5
  • ISC BIND 9.5.0
    cpe:2.3:a:isc:bind:9.5.0
  • ISC BIND 9.5.0 Alpha 1
    cpe:2.3:a:isc:bind:9.5.0:a1
  • ISC BIND 9.5.0 Alpha 2
    cpe:2.3:a:isc:bind:9.5.0:a2
  • ISC BIND 9.5.0 Alpha 3
    cpe:2.3:a:isc:bind:9.5.0:a3
  • ISC BIND 9.5.0 Alpha 4
    cpe:2.3:a:isc:bind:9.5.0:a4
  • ISC BIND 9.5.0 Alpha 5
    cpe:2.3:a:isc:bind:9.5.0:a5
  • ISC BIND 9.5.0 Alpha 6
    cpe:2.3:a:isc:bind:9.5.0:a6
  • ISC BIND 9.5.0 Alpha 7
    cpe:2.3:a:isc:bind:9.5.0:a7
  • ISC BIND 9.5.0 Beta 1
    cpe:2.3:a:isc:bind:9.5.0:b1
  • ISC BIND 9.5.0 Beta 2
    cpe:2.3:a:isc:bind:9.5.0:b2
  • ISC BIND 9.5.0 Beta 3
    cpe:2.3:a:isc:bind:9.5.0:b3
  • ISC BIND 9.5.0 Patch 1
    cpe:2.3:a:isc:bind:9.5.0:p1
  • ISC BIND 9.5.0 Patch 2
    cpe:2.3:a:isc:bind:9.5.0:p2
  • ISC BIND 9.5.0 Patch 2 W1
    cpe:2.3:a:isc:bind:9.5.0:p2_w1
  • ISC BIND 9.5.0 Patch 2 W2
    cpe:2.3:a:isc:bind:9.5.0:p2_w2
  • ISC BIND 9.5.0 rc1
    cpe:2.3:a:isc:bind:9.5.0:rc1
  • ISC BIND 9.5.0-p1
    cpe:2.3:a:isc:bind:9.5.0-p1
  • ISC BIND 9.5.0-p2
    cpe:2.3:a:isc:bind:9.5.0-p2
  • ISC BIND 9.5.0-p2-w1
    cpe:2.3:a:isc:bind:9.5.0-p2-w1
  • ISC BIND 9.5.0-p2-w2
    cpe:2.3:a:isc:bind:9.5.0-p2-w2
  • ISC BIND 9.5.0a1
    cpe:2.3:a:isc:bind:9.5.0a1
  • ISC BIND 9.5.0a2
    cpe:2.3:a:isc:bind:9.5.0a2
  • ISC BIND 9.5.0a3
    cpe:2.3:a:isc:bind:9.5.0a3
  • ISC BIND 9.5.0a4
    cpe:2.3:a:isc:bind:9.5.0a4
  • ISC BIND 9.5.0a5
    cpe:2.3:a:isc:bind:9.5.0a5
  • ISC BIND 9.5.0a6
    cpe:2.3:a:isc:bind:9.5.0a6
  • ISC BIND 9.5.0a7
    cpe:2.3:a:isc:bind:9.5.0a7
  • ISC BIND 9.5.0b1
    cpe:2.3:a:isc:bind:9.5.0b1
  • ISC BIND 9.5.0b2
    cpe:2.3:a:isc:bind:9.5.0b2
  • ISC BIND 9.5.0b3
    cpe:2.3:a:isc:bind:9.5.0b3
  • ISC BIND 9.5.1
    cpe:2.3:a:isc:bind:9.5.1
  • ISC BIND 9.5.1 Beta 1
    cpe:2.3:a:isc:bind:9.5.1:b1
  • ISC BIND 9.5.1 Beta 2
    cpe:2.3:a:isc:bind:9.5.1:b2
  • ISC BIND 9.5.1 Beta 3
    cpe:2.3:a:isc:bind:9.5.1:b3
  • ISC BIND 9.5.1 rc1
    cpe:2.3:a:isc:bind:9.5.1:rc1
  • ISC BIND 9.5.1 rc2
    cpe:2.3:a:isc:bind:9.5.1:rc2
  • ISC BIND 9.5.1b1
    cpe:2.3:a:isc:bind:9.5.1b1
  • ISC BIND 9.5.1b2
    cpe:2.3:a:isc:bind:9.5.1b2
  • ISC BIND 9.5.1b3
    cpe:2.3:a:isc:bind:9.5.1b3
  • ISC BIND 9.5.2
    cpe:2.3:a:isc:bind:9.5.2
  • ISC BIND 9.5.2 Beta 1
    cpe:2.3:a:isc:bind:9.5.2:b1
  • ISC BIND 9.5.2 Patch 1
    cpe:2.3:a:isc:bind:9.5.2:p1
  • ISC BIND 9.5.2 Patch 2
    cpe:2.3:a:isc:bind:9.5.2:p2
  • ISC BIND 9.5.2 Patch 3
    cpe:2.3:a:isc:bind:9.5.2:p3
  • ISC BIND 9.5.2 Patch 4
    cpe:2.3:a:isc:bind:9.5.2:p4
  • ISC BIND 9.5.2 release candidate 1
    cpe:2.3:a:isc:bind:9.5.2:rc1
  • ISC BIND 9.5.2-p1
    cpe:2.3:a:isc:bind:9.5.2-p1
  • ISC BIND 9.5.2-p2
    cpe:2.3:a:isc:bind:9.5.2-p2
  • ISC BIND 9.5.2-p3
    cpe:2.3:a:isc:bind:9.5.2-p3
  • ISC BIND 9.5.2-p4
    cpe:2.3:a:isc:bind:9.5.2-p4
  • ISC BIND 9.5.2b1
    cpe:2.3:a:isc:bind:9.5.2b1
  • ISC BIND 9.5.3 Beta 1
    cpe:2.3:a:isc:bind:9.5.3:b1
  • ISC BIND 9.5.3 release candidate 1
    cpe:2.3:a:isc:bind:9.5.3:rc1
  • ISC BIND 9.5.3b1
    cpe:2.3:a:isc:bind:9.5.3b1
  • ISC BIND 9.6 Extended Support Version
    cpe:2.3:a:isc:bind:9.6:-:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 1
    cpe:2.3:a:isc:bind:9.6:r1:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 2
    cpe:2.3:a:isc:bind:9.6:r2:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 3
    cpe:2.3:a:isc:bind:9.6:r3:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 4
    cpe:2.3:a:isc:bind:9.6:r4:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 4 Patch 1
    cpe:2.3:a:isc:bind:9.6:r4_p1:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 5
    cpe:2.3:a:isc:bind:9.6:r5:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 5 Beta 1
    cpe:2.3:a:isc:bind:9.6:r5_b1:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 5 Patch 1
    cpe:2.3:a:isc:bind:9.6:r5_p1:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 6
    cpe:2.3:a:isc:bind:9.6:r6:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 6 Beta 1
    cpe:2.3:a:isc:bind:9.6:r6_b1:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 6 Release Candidate 1
    cpe:2.3:a:isc:bind:9.6:r6_rc1:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 6 Release Candidate 2
    cpe:2.3:a:isc:bind:9.6:r6_rc2:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 7
    cpe:2.3:a:isc:bind:9.6:r7:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 7 Patch 1
    cpe:2.3:a:isc:bind:9.6:r7_p1:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 7 Patch 2
    cpe:2.3:a:isc:bind:9.6:r7_p2:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 9
    cpe:2.3:a:isc:bind:9.6:r9:-:-:esv
  • ISC BIND 9.6 Extended Support Version Release 9 Patch 1
    cpe:2.3:a:isc:bind:9.6:r9_p1:-:-:esv
  • ISC BIND 9.6-esv
    cpe:2.3:a:isc:bind:9.6-esv
  • ISC BIND 9.6-ESV-R1
    cpe:2.3:a:isc:bind:9.6-esv-r1
  • ISC BIND 9.6-ESV-R2
    cpe:2.3:a:isc:bind:9.6-esv-r2
  • ISC BIND 9.6-ESV-R3
    cpe:2.3:a:isc:bind:9.6-esv-r3
  • ISC BIND 9.6-ESV-R4
    cpe:2.3:a:isc:bind:9.6-esv-r4
  • ISC BIND 9.6-ESV-R1-P1
    cpe:2.3:a:isc:bind:9.6-esv-r4-p1
  • ISC BIND 9.6-ESV-R5
    cpe:2.3:a:isc:bind:9.6-esv-r5
  • ISC BIND 9.6-ESV-R5-P1
    cpe:2.3:a:isc:bind:9.6-esv-r5:p1
  • ISC BIND 9.6-ESV-R5b1
    cpe:2.3:a:isc:bind:9.6-esv-r5b1
  • ISC BIND 9.6-ESV-R6
    cpe:2.3:a:isc:bind:9.6-esv-r6
  • ISC BIND 9.6-ESV-R6b1
    cpe:2.3:a:isc:bind:9.6-esv-r6:b1
  • ISC BIND 9.6-ESV-R6rc1
    cpe:2.3:a:isc:bind:9.6-esv-r6:rc1
  • ISC BIND 9.6-ESV-R6rc2
    cpe:2.3:a:isc:bind:9.6-esv-r6:rc2
  • ISC BIND 9.6-ESV-R7
    cpe:2.3:a:isc:bind:9.6-esv-r7
  • ISC BIND 9.6-ESV-R7-P1
    cpe:2.3:a:isc:bind:9.6-esv-r7:p1
  • ISC BIND 9.6-ESV-R7-P2
    cpe:2.3:a:isc:bind:9.6-esv-r7:p2
  • ISC BIND 9.6-ESV-R9
    cpe:2.3:a:isc:bind:9.6-esv-r9
  • ISC BIND 9.6-ESV-R9 P1
    cpe:2.3:a:isc:bind:9.6-esv-r9:p1
  • ISC BIND 9.6.0
    cpe:2.3:a:isc:bind:9.6.0
  • ISC BIND 9.6.0 Alpha 1
    cpe:2.3:a:isc:bind:9.6.0:a1
  • ISC BIND 9.6.0 Beta 1
    cpe:2.3:a:isc:bind:9.6.0:b1
  • ISC BIND 9.6.0 p1
    cpe:2.3:a:isc:bind:9.6.0:p1
  • ISC BIND 9.6.0 rc1
    cpe:2.3:a:isc:bind:9.6.0:rc1
  • ISC BIND 9.6.0 rc2
    cpe:2.3:a:isc:bind:9.6.0:rc2
  • ISC BIND 9.6.0a1
    cpe:2.3:a:isc:bind:9.6.0a1
  • ISC BIND 9.6.0b1
    cpe:2.3:a:isc:bind:9.6.0b1
  • ISC BIND 9.6.1
    cpe:2.3:a:isc:bind:9.6.1
  • ISC BIND 9.6.1 Beta 1
    cpe:2.3:a:isc:bind:9.6.1:b1
  • ISC BIND 9.6.1 P1
    cpe:2.3:a:isc:bind:9.6.1:p1
  • ISC BIND 9.6.1 P2
    cpe:2.3:a:isc:bind:9.6.1:p2
  • ISC BIND 9.6.1 P3
    cpe:2.3:a:isc:bind:9.6.1:p3
  • ISC BIND 9.6.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.6.1:rc1
  • ISC BIND 9.6.1b1
    cpe:2.3:a:isc:bind:9.6.1b1
  • ISC BIND 9.6.2
    cpe:2.3:a:isc:bind:9.6.2
  • ISC BIND 9.6.2 Beta 1
    cpe:2.3:a:isc:bind:9.6.2:b1
  • ISC BIND 9.6.2 Patch 1
    cpe:2.3:a:isc:bind:9.6.2:p1
  • ISC BIND 9.6.2 Patch 2
    cpe:2.3:a:isc:bind:9.6.2:p2
  • ISC BIND 9.6.2 Patch 3
    cpe:2.3:a:isc:bind:9.6.2:p3
  • ISC BIND 9.6.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.6.2:rc1
  • ISC BIND 9.6.2-P1
    cpe:2.3:a:isc:bind:9.6.2-p1
  • ISC BIND 9.6.2-P2
    cpe:2.3:a:isc:bind:9.6.2-p2
  • ISC BIND 9.6.2-P3
    cpe:2.3:a:isc:bind:9.6.2-p3
  • ISC BIND 9.6.2b1
    cpe:2.3:a:isc:bind:9.6.2b1
  • ISC BIND 9.6.3
    cpe:2.3:a:isc:bind:9.6.3
  • ISC BIND 9.6.3 Beta 1
    cpe:2.3:a:isc:bind:9.6.3:b1
  • ISC BIND 9.6.3 Release Candidate 1
    cpe:2.3:a:isc:bind:9.6.3:rc1
  • ISC BIND 9.6.3b1
    cpe:2.3:a:isc:bind:9.6.3b1
  • ISC BIND 9.7.0
    cpe:2.3:a:isc:bind:9.7.0
  • ISC BIND 9.7.0 Alpha 1
    cpe:2.3:a:isc:bind:9.7.0:a1
  • ISC BIND 9.7.0 Alpha 2
    cpe:2.3:a:isc:bind:9.7.0:a2
  • ISC BIND 9.7.0 Alpha 3
    cpe:2.3:a:isc:bind:9.7.0:a3
  • ISC BIND 9.7.0 Beta 1
    cpe:2.3:a:isc:bind:9.7.0:b1
  • ISC BIND 9.7.0 Beta 2
    cpe:2.3:a:isc:bind:9.7.0:b2
  • ISC BIND 9.7.0 Beta 3
    cpe:2.3:a:isc:bind:9.7.0:b3
  • ISC BIND 9.7.0 beta
    cpe:2.3:a:isc:bind:9.7.0:beta
  • ISC BIND 9.7.0 p1
    cpe:2.3:a:isc:bind:9.7.0:p1
  • ISC BIND 9.7.0 p2
    cpe:2.3:a:isc:bind:9.7.0:p2
  • ISC BIND 9.7.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.0:rc1
  • ISC BIND 9.7.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.7.0:rc2
  • ISC BIND 9.7.0a1
    cpe:2.3:a:isc:bind:9.7.0a1
  • ISC BIND 9.7.0a2
    cpe:2.3:a:isc:bind:9.7.0a2
  • ISC BIND 9.7.0a3
    cpe:2.3:a:isc:bind:9.7.0a3
  • ISC BIND 9.7.0b1
    cpe:2.3:a:isc:bind:9.7.0b1
  • ISC BIND 9.7.0b2
    cpe:2.3:a:isc:bind:9.7.0b2
  • ISC BIND 9.7.0b3
    cpe:2.3:a:isc:bind:9.7.0b3
  • ISC BIND 9.7.1
    cpe:2.3:a:isc:bind:9.7.1
  • ISC BIND 9.7.1 Beta 1
    cpe:2.3:a:isc:bind:9.7.1:b1
  • ISC BIND 9.7.1 p1
    cpe:2.3:a:isc:bind:9.7.1:p1
  • ISC BIND 9.7.1 p2
    cpe:2.3:a:isc:bind:9.7.1:p2
  • ISC BIND 9.7.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.1:rc1
  • ISC BIND 9.7.1b1
    cpe:2.3:a:isc:bind:9.7.1b1
  • ISC BIND 9.7.2
    cpe:2.3:a:isc:bind:9.7.2
  • ISC BIND 9.7.2 P1
    cpe:2.3:a:isc:bind:9.7.2:p1
  • ISC BIND 9.7.2 P2
    cpe:2.3:a:isc:bind:9.7.2:p2
  • ISC BIND 9.7.2 P3
    cpe:2.3:a:isc:bind:9.7.2:p3
  • ISC BIND 9.7.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.2:rc1
  • ISC BIND 9.7.3
    cpe:2.3:a:isc:bind:9.7.3
  • ISC BIND 9.7.3 B1
    cpe:2.3:a:isc:bind:9.7.3:b1
  • ISC BIND 9.7.3 P1
    cpe:2.3:a:isc:bind:9.7.3:p1
  • ISC BIND 9.7.3 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.3:rc1
  • ISC BIND 9.7.4
    cpe:2.3:a:isc:bind:9.7.4
  • ISC BIND 9.7.4 B1
    cpe:2.3:a:isc:bind:9.7.4:b1
  • ISC BIND 9.7.4P1
    cpe:2.3:a:isc:bind:9.7.4:p1
  • ISC BIND 9.7.4 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.4:rc1
  • ISC BIND 9.7.4b1
    cpe:2.3:a:isc:bind:9.7.4b1
  • ISC BIND 9.7.5
    cpe:2.3:a:isc:bind:9.7.5
  • ISC BIND 9.7.5 B1
    cpe:2.3:a:isc:bind:9.7.5:b1
  • ISC BIND 9.7.5 Release Candidate 1
    cpe:2.3:a:isc:bind:9.7.5:rc1
  • ISC BIND 9.7.5 Release Candidate 2
    cpe:2.3:a:isc:bind:9.7.5:rc2
  • ISC BIND 9.7.6
    cpe:2.3:a:isc:bind:9.7.6
  • ISC BIND 9.7.6-p1
    cpe:2.3:a:isc:bind:9.7.6:p1
  • ISC BIND 9.7.6-p2
    cpe:2.3:a:isc:bind:9.7.6:p2
  • ISC BIND 9.7.6 Patch 3
    cpe:2.3:a:isc:bind:9.7.6:p3
  • ISC BIND 9.7.6 Patch 4
    cpe:2.3:a:isc:bind:9.7.6:p4
  • ISC BIND 9.7.7
    cpe:2.3:a:isc:bind:9.7.7
  • ISC BIND 9.8.0
    cpe:2.3:a:isc:bind:9.8.0
  • ISC BIND 9.8.0 A1
    cpe:2.3:a:isc:bind:9.8.0:a1
  • ISC BIND 9.8.0 B1
    cpe:2.3:a:isc:bind:9.8.0:b1
  • ISC BIND 9.8.0 P1
    cpe:2.3:a:isc:bind:9.8.0:p1
  • ISC BIND 9.8.0 P2
    cpe:2.3:a:isc:bind:9.8.0:p2
  • ISC BIND 9.8.0-P4
    cpe:2.3:a:isc:bind:9.8.0:p4
  • ISC BIND 9.8.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.8.0:rc1
  • ISC BIND 9.8.1
    cpe:2.3:a:isc:bind:9.8.1
  • ISC BIND 9.8.1 B1
    cpe:2.3:a:isc:bind:9.8.1:b1
  • ISC BIND 9.8.1 B2
    cpe:2.3:a:isc:bind:9.8.1:b2
  • ISC BIND 9.8.1 B3
    cpe:2.3:a:isc:bind:9.8.1:b3
  • ISC BIND 9.8.1-P1
    cpe:2.3:a:isc:bind:9.8.1:p1
  • ISC BIND 9.8.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.8.1:rc1
  • ISC BIND 9.8.2
    cpe:2.3:a:isc:bind:9.8.2
  • ISC BIND 9.8.2 B1
    cpe:2.3:a:isc:bind:9.8.2:b1
  • ISC BIND 9.8.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.8.2:rc1
  • ISC BIND 9.8.2 Release Candidate 2
    cpe:2.3:a:isc:bind:9.8.2:rc2
  • ISC BIND 9.8.3
    cpe:2.3:a:isc:bind:9.8.3
  • ISC BIND 9.8.3-p1
    cpe:2.3:a:isc:bind:9.8.3:p1
  • ISC BIND 9.8.3-p2
    cpe:2.3:a:isc:bind:9.8.3:p2
  • ISC BIND 9.8.3 Patch 3
    cpe:2.3:a:isc:bind:9.8.3:p3
  • ISC BIND 9.8.3 Patch 4
    cpe:2.3:a:isc:bind:9.8.3:p4
  • ISC BIND 9.8.4
    cpe:2.3:a:isc:bind:9.8.4
  • ISC BIND 9.8.5
    cpe:2.3:a:isc:bind:9.8.5
  • ISC BIND 9.8.5 b1
    cpe:2.3:a:isc:bind:9.8.5:b1
  • ISC BIND 9.8.5 b2
    cpe:2.3:a:isc:bind:9.8.5:b2
  • ISC BIND 9.8.5 P1
    cpe:2.3:a:isc:bind:9.8.5:p1
  • ISC BIND 9.8.5 P2
    cpe:2.3:a:isc:bind:9.8.5:p2
  • ISC BIND 9.8.5 release candidate 1
    cpe:2.3:a:isc:bind:9.8.5:rc1
  • ISC BIND 9.8.5 release candidate 2
    cpe:2.3:a:isc:bind:9.8.5:rc2
  • ISC BIND 9.8.6b1
    cpe:2.3:a:isc:bind:9.8.6:b1
  • ISC BIND 9.8.6 release candidate 1
    cpe:2.3:a:isc:bind:9.8.6:rc1
  • ISC BIND 9.8.6 release candidate 2
    cpe:2.3:a:isc:bind:9.8.6:rc2
  • ISC BIND 9.9.0
    cpe:2.3:a:isc:bind:9.9.0
  • ISC BIND 9.9.0a1
    cpe:2.3:a:isc:bind:9.9.0:a1
  • ISC BIND 9.9.0a2
    cpe:2.3:a:isc:bind:9.9.0:a2
  • ISC BIND 9.9.0a3
    cpe:2.3:a:isc:bind:9.9.0:a3
  • ISC BIND 9.9.0b1
    cpe:2.3:a:isc:bind:9.9.0:b1
  • ISC BIND 9.9.0b2
    cpe:2.3:a:isc:bind:9.9.0:b2
  • cpe:2.3:a:isc:bind:9.9.0:p1
    cpe:2.3:a:isc:bind:9.9.0:p1
  • ISC BIND 9.9.0 release candidate 1
    cpe:2.3:a:isc:bind:9.9.0:rc1
  • ISC BIND 9.9.0 release candidate 2
    cpe:2.3:a:isc:bind:9.9.0:rc2
  • ISC BIND 9.9.0 release candidate 3
    cpe:2.3:a:isc:bind:9.9.0:rc3
  • ISC BIND 9.9.0 release candidate 4
    cpe:2.3:a:isc:bind:9.9.0:rc4
  • ISC BIND 9.9.1
    cpe:2.3:a:isc:bind:9.9.1
  • ISC BIND 9.9.1-p1
    cpe:2.3:a:isc:bind:9.9.1:p1
  • ISC BIND 9.9.1-p2
    cpe:2.3:a:isc:bind:9.9.1:p2
  • ISC BIND 9.9.1 Patch 3
    cpe:2.3:a:isc:bind:9.9.1:p3
  • ISC BIND 9.9.1 Patch 4
    cpe:2.3:a:isc:bind:9.9.1:p4
  • ISC BIND 9.9.2
    cpe:2.3:a:isc:bind:9.9.2
  • ISC BIND 9.9.2 P1
    cpe:2.3:a:isc:bind:9.9.2:p1
  • ISC BIND 9.9.2 P2
    cpe:2.3:a:isc:bind:9.9.2:p2
  • ISC BIND 9.9.3
    cpe:2.3:a:isc:bind:9.9.3
  • ISC BIND 9.9.3 b1
    cpe:2.3:a:isc:bind:9.9.3:b1
  • ISC BIND 9.9.3 b2
    cpe:2.3:a:isc:bind:9.9.3:b2
  • ISC BIND 9.9.3p1
    cpe:2.3:a:isc:bind:9.9.3:p1
  • ISC BIND 9.9.3p2
    cpe:2.3:a:isc:bind:9.9.3:p2
  • ISC BIND 9.9.3 release candidate 1
    cpe:2.3:a:isc:bind:9.9.3:rc1
  • ISC BIND 9.9.3 release candidate 2
    cpe:2.3:a:isc:bind:9.9.3:rc2
  • cpe:2.3:a:isc:bind:9.9.3:s1
    cpe:2.3:a:isc:bind:9.9.3:s1
  • ISC BIND 9.9.4b1
    cpe:2.3:a:isc:bind:9.9.4:b1
  • ISC BIND 9.9.5
    cpe:2.3:a:isc:bind:9.9.5
  • ISC BIND 9.9.6
    cpe:2.3:a:isc:bind:9.9.6
  • ISC BIND 9.9.6 p1
    cpe:2.3:a:isc:bind:9.9.6:p1
  • ISC BIND 9.9.7 b1
    cpe:2.3:a:isc:bind:9.9.7:b1
  • ISC BIND 9.9.7 Patch 1
    cpe:2.3:a:isc:bind:9.9.7:p1
  • ISC BIND 9.9.7 Release Candidate 1
    cpe:2.3:a:isc:bind:9.9.7:rc1
  • ISC BIND 9.9.7 Release Candidate 2
    cpe:2.3:a:isc:bind:9.9.7:rc2
  • ISC BIND 9.9.8
    cpe:2.3:a:isc:bind:9.9.8
  • ISC Bind 9.9.8 Patch 2
    cpe:2.3:a:isc:bind:9.9.8:p2
  • ISC BIND 9.9.8 Patch 3
    cpe:2.3:a:isc:bind:9.9.8:p3
  • ISC BIND 9.9.8 P4
    cpe:2.3:a:isc:bind:9.9.8:p4
  • ISC BIND 9.9.8 Release Candidate 1
    cpe:2.3:a:isc:bind:9.9.8:rc1
  • ISC BIND 9.9.8 S1
    cpe:2.3:a:isc:bind:9.9.8:s1
  • ISC BIND 9.9.8 Supported Preview Edition 2
    cpe:2.3:a:isc:bind:9.9.8:s2
  • ISC BIND 9.9.8 Supported Preview Edition 3
    cpe:2.3:a:isc:bind:9.9.8:s3
  • ISC BIND 9.9.8 Supported Preview Edition 4
    cpe:2.3:a:isc:bind:9.9.8:s4
  • ISC BIND 9.9.8 S5
    cpe:2.3:a:isc:bind:9.9.8:s5
  • ISC BIND 9.9.8 S6
    cpe:2.3:a:isc:bind:9.9.8:s6
  • ISC BIND 9.9.9
    cpe:2.3:a:isc:bind:9.9.9
  • ISC BIND 9.9.9 B1
    cpe:2.3:a:isc:bind:9.9.9:b1
  • ISC BIND 9.9.9 B2
    cpe:2.3:a:isc:bind:9.9.9:b2
  • ISC BIND 9.9.9 P1
    cpe:2.3:a:isc:bind:9.9.9:p1
  • ISC BIND 9.9.9 Patch 3
    cpe:2.3:a:isc:bind:9.9.9:p3
  • ISC BIND 9.9.9 Patch 4
    cpe:2.3:a:isc:bind:9.9.9:p4
  • ISC BIND 9.9.9 Release Candidate 1
    cpe:2.3:a:isc:bind:9.9.9:rc1
  • ISC BIND 9.9.9 S1
    cpe:2.3:a:isc:bind:9.9.9:s1
  • ISC BIND 9.9.9 S1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.9.9:s1rc1
  • ISC BIND 9.9.9 S6
    cpe:2.3:a:isc:bind:9.9.9:s6
  • ISC BIND 9.9.9 S7
    cpe:2.3:a:isc:bind:9.9.9:s7
  • cpe:2.3:a:isc:bind:9.9.10:s2
    cpe:2.3:a:isc:bind:9.9.10:s2
  • ISC BIND 9.10.0
    cpe:2.3:a:isc:bind:9.10.0
  • ISC BIND 9.10.0 Alpha 1
    cpe:2.3:a:isc:bind:9.10.0:a1
  • ISC BIND 9.10.0 Alpha 2
    cpe:2.3:a:isc:bind:9.10.0:a2
  • ISC BIND 9.10.0 Beta 1
    cpe:2.3:a:isc:bind:9.10.0:b1
  • ISC BIND 9.10.0 Beta 2
    cpe:2.3:a:isc:bind:9.10.0:b2
  • ISC BIND 9.10.0 Patch 1
    cpe:2.3:a:isc:bind:9.10.0:p1
  • ISC BIND 9.10.0 Patch 2
    cpe:2.3:a:isc:bind:9.10.0:p2
  • ISC BIND 9.10.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.10.0:rc1
  • ISC BIND 9.10.0 Release Candidate 2
    cpe:2.3:a:isc:bind:9.10.0:rc2
  • ISC BIND 9.10.1
    cpe:2.3:a:isc:bind:9.10.1
  • ISC BIND 9.10.1 Beta 1
    cpe:2.3:a:isc:bind:9.10.1:b1
  • ISC BIND 9.10.1 Beta 2
    cpe:2.3:a:isc:bind:9.10.1:b2
  • ISC BIND 9.10.1 p1
    cpe:2.3:a:isc:bind:9.10.1:p1
  • ISC BIND 9.10.1 Patch 2
    cpe:2.3:a:isc:bind:9.10.1:p2
  • ISC BIND 9.10.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.10.1:rc1
  • ISC BIND 9.10.1 Release Candidate 2
    cpe:2.3:a:isc:bind:9.10.1:rc2
  • ISC BIND 9.10.2
    cpe:2.3:a:isc:bind:9.10.2
  • ISC BIND 9.10.2 b2
    cpe:2.3:a:isc:bind:9.10.2:b1
  • ISC BIND 9.10.2 P1
    cpe:2.3:a:isc:bind:9.10.2:p1
  • ISC BIND 9.10.2 Patch 2
    cpe:2.3:a:isc:bind:9.10.2:p2
  • ISC BIND 9.10.2 P3
    cpe:2.3:a:isc:bind:9.10.2:p3
  • ISC BIND 9.10.2 P4
    cpe:2.3:a:isc:bind:9.10.2:p4
  • ISC BIND 9.10.2 Release Candidate 1
    cpe:2.3:a:isc:bind:9.10.2:rc1
  • ISC BIND 9.10.2 Release Candidate 2
    cpe:2.3:a:isc:bind:9.10.2:rc2
  • ISC BIND 9.10.3
    cpe:2.3:a:isc:bind:9.10.3
  • ISC BIND 9.10.3 Beta 1
    cpe:2.3:a:isc:bind:9.10.3:b1
  • ISC Bind 9.10.3 Patch 1
    cpe:2.3:a:isc:bind:9.10.3:p1
  • ISC Bind 9.10.3 Patch 2
    cpe:2.3:a:isc:bind:9.10.3:p2
  • ISC BIND 9.10.3 Patch 3
    cpe:2.3:a:isc:bind:9.10.3:p3
  • ISC BIND 9.10.3 P4
    cpe:2.3:a:isc:bind:9.10.3:p4
  • ISC BIND 9.10.3 Release Candidate 1
    cpe:2.3:a:isc:bind:9.10.3:rc1
  • ISC BIND 9.10.4
    cpe:2.3:a:isc:bind:9.10.4
  • ISC BIND 9.10.4 Beta 1
    cpe:2.3:a:isc:bind:9.10.4:b1
  • ISC BIND 9.10.4 B2
    cpe:2.3:a:isc:bind:9.10.4:b2
  • ISC BIND 9.10.4 B3
    cpe:2.3:a:isc:bind:9.10.4:b3
  • ISC BIND 9.10.4 Patch 1
    cpe:2.3:a:isc:bind:9.10.4:p1
  • ISC BIND 9.10.4 Patch 2
    cpe:2.3:a:isc:bind:9.10.4:p2
  • ISC BIND 9.10.4 Patch 3
    cpe:2.3:a:isc:bind:9.10.4:p3
  • ISC BIND 9.10.4 Patch 4
    cpe:2.3:a:isc:bind:9.10.4:p4
  • ISC BIND 9.10.4 Patch 5
    cpe:2.3:a:isc:bind:9.10.4:p5
  • ISC BIND 9.10.4 Patch 6
    cpe:2.3:a:isc:bind:9.10.4:p6
  • ISC BIND 9.10.4 Patch 8
    cpe:2.3:a:isc:bind:9.10.4:p8
  • ISC BIND 9.10.4 Release Candidate 1
    cpe:2.3:a:isc:bind:9.10.4:rc1
  • ISC BIND 9.10.5
    cpe:2.3:a:isc:bind:9.10.5
  • ISC BIND 9.10.5 Beta 1
    cpe:2.3:a:isc:bind:9.10.5:b1
  • ISC BIND 9.10.5 Patch 1
    cpe:2.3:a:isc:bind:9.10.5:p1
  • ISC BIND 9.10.5 Patch 2
    cpe:2.3:a:isc:bind:9.10.5:p2
  • ISC BIND 9.10.5 Patch 3
    cpe:2.3:a:isc:bind:9.10.5:p3
  • ISC BIND 9.10.5 Release Candidate 1
    cpe:2.3:a:isc:bind:9.10.5:rc1
  • ISC BIND 9.10.5 Release Candidate 3
    cpe:2.3:a:isc:bind:9.10.5:rc3
  • cpe:2.3:a:isc:bind:9.10.5:s1
    cpe:2.3:a:isc:bind:9.10.5:s1
  • cpe:2.3:a:isc:bind:9.10.5:s2
    cpe:2.3:a:isc:bind:9.10.5:s2
  • ISC BIND 9.11.0
    cpe:2.3:a:isc:bind:9.11.0
  • ISC BIND 9.11.0 Alpha 1
    cpe:2.3:a:isc:bind:9.11.0:a1
  • ISC BIND 9.11.0 Alpha 2
    cpe:2.3:a:isc:bind:9.11.0:a2
  • ISC BIND 9.11.0 Alpha 3
    cpe:2.3:a:isc:bind:9.11.0:a3
  • ISC BIND 9.11.0 Beta 1
    cpe:2.3:a:isc:bind:9.11.0:b1
  • ISC BIND 9.11.0 Beta 2
    cpe:2.3:a:isc:bind:9.11.0:b2
  • ISC BIND 9.11.0 Beta 3
    cpe:2.3:a:isc:bind:9.11.0:b3
  • ISC BIND 9.11.0 Patch 1
    cpe:2.3:a:isc:bind:9.11.0:p1
  • ISC BIND 9.11.0 Patch 2
    cpe:2.3:a:isc:bind:9.11.0:p2
  • ISC BIND 9.11.0 Patch 3
    cpe:2.3:a:isc:bind:9.11.0:p3
  • ISC BIND 9.11.0 Patch 5
    cpe:2.3:a:isc:bind:9.11.0:p5
  • ISC BIND 9.11.0 Release Candidate 1
    cpe:2.3:a:isc:bind:9.11.0:rc1
  • ISC BIND 9.11.0 Release Candidate 3
    cpe:2.3:a:isc:bind:9.11.0:rc3
  • ISC BIND 9.11.1
    cpe:2.3:a:isc:bind:9.11.1
  • ISC BIND 9.11.1 Beta 1
    cpe:2.3:a:isc:bind:9.11.1:b1
  • cpe:2.3:a:isc:bind:9.11.1:p1
    cpe:2.3:a:isc:bind:9.11.1:p1
  • ISC BIND 9.11.1 Patch 3
    cpe:2.3:a:isc:bind:9.11.1:p3
  • ISC BIND 9.11.1 Release Candidate 1
    cpe:2.3:a:isc:bind:9.11.1:rc1
  • ISC BIND 9.11.1 Release Candidate 3
    cpe:2.3:a:isc:bind:9.11.1:rc3
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Advanced mission critical Update Support (AUS) 7.3
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  • Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.3
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.4
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.5
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
  • Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
nessus via4
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0252.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2018-5740) - Fix (CVE-2017-3145) - Change EDNS flags only after successful query (#1416035) - Fix crash in ldap driver at bind-sdb stop (#1426626) - Fix (CVE-2017-3142, CVE-2017-3143) - Update root servers and trust anchors - Fix DNSKEY that encountered a CNAME (#1447872, ISC change 3391) - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578)
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 112170
    published 2018-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112170
    title OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3346-2.NASL
    description USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem. In addition, this update adds the new root zone key signing key (KSK). Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 103319
    published 2017-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103319
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : bind9 regression (USN-3346-2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-59127A606C.NASL
    description Fixes CVE-2017-3142 and CVE-2017-3143 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 102388
    published 2017-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102388
    title Fedora 24 : 12:dhcp / bind99 (2017-59127a606c)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-30F678E62A.NASL
    description Update to last supported version, fixes CVE-2017-3142 and CVE-2017-3143. Includes minor fix of missing dependencies. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101603
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101603
    title Fedora 26 : 32:bind (2017-30f678e62a)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-858.NASL
    description Security Fix(es): A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142 , CVE-2017-3143)
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101933
    published 2017-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101933
    title Amazon Linux AMI : bind (ALAS-2017-858)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1679.NASL
    description An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) * A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues. Bug Fix(es) : * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1458234)
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101235
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101235
    title CentOS 6 : bind (CESA-2017:1679)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1680.NASL
    description An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) * A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues. Bug Fix(es) : * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1459649)
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101254
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101254
    title RHEL 7 : bind (RHSA-2017:1680)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1679.NASL
    description From Red Hat Security Advisory 2017:1679 : An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) * A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues. Bug Fix(es) : * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1458234)
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101249
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101249
    title Oracle Linux 6 : bind (ELSA-2017-1679)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL02230327.NASL
    description An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. (CVE-2017-3143) Impact BIG-IP An attacker may be able to manipulate the contents of a zone when the vulnerability is exploited. For the BIG-IP system to be considered vulnerable, it must have allowed remote update with TSIG authentication configured in BIND. This configuration combination is not a default configuration. F5 iWorkflow, BIG-IQ, andEnterprise Manager There is no impact. Although the BIG-IQ and Enterprise Manager software contain the vulnerable code, the BIG-IQ and Enterprise Manager systems do not use the vulnerable code in a way that exposes the vulnerability in default, standard, or recommended configurations.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 105435
    published 2017-12-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105435
    title F5 Networks BIG-IP : BIND vulnerability (K02230327)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA10917_184R1.NASL
    description According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID binary could use this flaw to escalate their privileges on the system. (CVE-2018-14634) Additionally, Junos Space is affected by several other vulnerabilities exist as noted in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-10
    plugin id 121068
    published 2019-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121068
    title Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-D04F7DDD73.NASL
    description Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140 ---- Update to 10.1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101246
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101246
    title Fedora 25 : 32:bind / bind-dyndb-ldap / dnsperf (2017-d04f7ddd73)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1025.NASL
    description CVE-2017-3142 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into : - providing an AXFR of a zone to an unauthorized recipient - accepting bogus NOTIFY packets CVE-2017-3143 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. For Debian 7 'Wheezy', these problems have been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u18. We recommend that you upgrade your bind9 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101536
    published 2017-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101536
    title Debian DLA-1025-1 : bind9 security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1737-1.NASL
    description This update for bind fixes the following issues : - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101146
    published 2017-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101146
    title SUSE SLES11 Security Update : bind (SUSE-SU-2017:1737-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1736-1.NASL
    description This update for bind fixes the following issues : - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101145
    published 2017-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101145
    title SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:1736-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-783.NASL
    description This update for bind fixes the following issues : - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101280
    published 2017-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101280
    title openSUSE Security Update : bind (openSUSE-2017-783)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3346-1.NASL
    description Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) Clement Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101157
    published 2017-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101157
    title Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : bind9 vulnerabilities (USN-3346-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3904.NASL
    description Clement Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server. - CVE-2017-3142 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into : - providing an AXFR of a zone to an unauthorized recipient - accepting bogus NOTIFY packets - CVE-2017-3143 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101322
    published 2017-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101322
    title Debian DSA-3904-1 : bind9 - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-167CFA7B09.NASL
    description Update to new ISC supported version 9.9.10. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101326
    published 2017-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101326
    title Fedora 25 : 12:dhcp / bind99 (2017-167cfa7b09)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1680.NASL
    description From Red Hat Security Advisory 2017:1680 : An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) * A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues. Bug Fix(es) : * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1459649)
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101250
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101250
    title Oracle Linux 7 : bind (ELSA-2017-1680)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1140.NASL
    description According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet.(CVE-2017-3142) - A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request.(CVE-2017-3143) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 102227
    published 2017-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102227
    title EulerOS 2.0 SP1 : bind (EulerOS-SA-2017-1140)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-1679.NASL
    description An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) * A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues. Bug Fix(es) : * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1458234) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-19
    plugin id 119217
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119217
    title Virtuozzo 6 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1679)
  • NASL family DNS
    NASL id BIND9_CVE-2017-3143.NASL
    description According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is 9.9.x prior to 9.9.10-P2 or 9.9.10-S3, 9.10.x prior to 9.10.5-P2 or 9.10.5-S3, or 9.11.x prior to 9.11.1-P2. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Transaction Signature (TSIG) authentication implementation when handling received messages. An unauthenticated, remote attacker can exploit this, via a specially crafted request packet, to circumvent TSIG authentication of AXFR requests. Note that to exploit this issue the attacker must be able to send and receive messages to an authoritative DNS server and have knowledge of a valid TSIG key name. (CVE-2017-3142) - A flaw exists in the Transaction Signature (TSIG) authentication implementation when handling messages. An unauthenticated, remote attacker can exploit this to manipulate BIND into accepting an unauthorized dynamic update. Note that to exploit this issue the attacker must be able to send and receive messages to an authoritative DNS server and have knowledge of a valid TSIG key name for the zone and service being targeted. (CVE-2017-3143) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 101232
    published 2017-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101232
    title ISC BIND 9 < 9.9.10-P2 / 9.9.10-S3 / 9.10.5-P2 / 9.10.5-S3 / 9.11.1-P2 Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-87F1F8C798.NASL
    description Update to new ISC supported version 9.9.10-P2 including security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101677
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101677
    title Fedora 26 : 12:dhcp / bind99 (2017-87f1f8c798)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0122.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2017-3142, CVE-2017-3143) - Update root servers and trust anchors (#1458234)
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101252
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101252
    title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0122)
  • NASL family AIX Local Security Checks
    NASL id AIX_BIND_ADVISORY16.NASL
    description The version of bind installed on the remote AIX host is affected by the following vulnerabilities : - A security bypass exists in the way BIND handles TSIG authentication for dynamic updates. A remote, unauthenticated attacker can exploit this, via a specially crafted request packet containing a valid TSIG key name, to transfer the target zone. (CVE-2017-3142) - A security bypass exists in the way BIND handles TSIG authentication for dynamic updates. A remote, unauthenticated attacker can exploit this, via a specially crafted request packet containing a valid TSIG key name, to force an unauthorized dynamic update. (CVE-2017-3143)
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 102822
    published 2017-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102822
    title AIX bind Advisory : bind_advisory16.asc (IV98826) (IV98827)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1141.NASL
    description According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet.(CVE-2017-3142) - A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request.(CVE-2017-3143) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-19
    plugin id 102228
    published 2017-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102228
    title EulerOS 2.0 SP2 : bind (EulerOS-SA-2017-1141)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1679.NASL
    description An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) * A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues. Bug Fix(es) : * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1458234)
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101253
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101253
    title RHEL 6 : bind (RHSA-2017:1679)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-1680.NASL
    description An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) * A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues. Bug Fix(es) : * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1459649) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-19
    plugin id 104579
    published 2017-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104579
    title Virtuozzo 7 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1680)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170705_BIND_ON_SL7_X.NASL
    description Security Fix(es) : - A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) - A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Bug Fix(es) : - ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101257
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101257
    title Scientific Linux Security Update : bind on SL7.x x86_64
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2017-180-02.NASL
    description New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101116
    published 2017-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101116
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-180-02)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170705_BIND_ON_SL6_X.NASL
    description Security Fix(es) : - A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) - A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Bug Fix(es) : - ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101256
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101256
    title Scientific Linux Security Update : bind on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-001F135337.NASL
    description Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101494
    published 2017-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101494
    title Fedora 24 : 32:bind / bind-dyndb-ldap / dnsperf (2017-001f135337)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1738-1.NASL
    description This update for bind fixes the following issues : - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into (1) providing an AXFR of a zone to an unauthorized recipient and (2) accepting bogus Notify packets. [bsc#1046554, CVE-2017-3142] - An attacker who with the ability to send and receive messages to an authoritative DNS server and who had knowledge of a valid TSIG key name for the zone and service being targeted was able to manipulate BIND into accepting an unauthorized dynamic update. [bsc#1046555, CVE-2017-3143] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101147
    published 2017-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101147
    title SUSE SLES12 Security Update : bind (SUSE-SU-2017:1738-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1680.NASL
    description An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143) * A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142) Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues. Bug Fix(es) : * ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1459649)
    last seen 2019-02-21
    modified 2019-02-12
    plugin id 101236
    published 2017-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101236
    title CentOS 7 : bind (CESA-2017:1680)
redhat via4
advisories
  • bugzilla
    id 1466193
    title CVE-2017-3143 bind: An error in TSIG authentication can permit unauthorized dynamic updates
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment bind is earlier than 32:9.8.2-0.62.rc1.el6_9.4
          oval oval:com.redhat.rhsa:tst:20171679007
        • comment bind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975006
      • AND
        • comment bind-chroot is earlier than 32:9.8.2-0.62.rc1.el6_9.4
          oval oval:com.redhat.rhsa:tst:20171679009
        • comment bind-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975012
      • AND
        • comment bind-devel is earlier than 32:9.8.2-0.62.rc1.el6_9.4
          oval oval:com.redhat.rhsa:tst:20171679011
        • comment bind-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975010
      • AND
        • comment bind-libs is earlier than 32:9.8.2-0.62.rc1.el6_9.4
          oval oval:com.redhat.rhsa:tst:20171679013
        • comment bind-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975016
      • AND
        • comment bind-sdb is earlier than 32:9.8.2-0.62.rc1.el6_9.4
          oval oval:com.redhat.rhsa:tst:20171679005
        • comment bind-sdb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975014
      • AND
        • comment bind-utils is earlier than 32:9.8.2-0.62.rc1.el6_9.4
          oval oval:com.redhat.rhsa:tst:20171679015
        • comment bind-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975008
    rhsa
    id RHSA-2017:1679
    released 2017-07-05
    severity Important
    title RHSA-2017:1679: bind security and bug fix update (Important)
  • bugzilla
    id 1466193
    title CVE-2017-3143 bind: An error in TSIG authentication can permit unauthorized dynamic updates
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment bind is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680025
        • comment bind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975006
      • AND
        • comment bind-chroot is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680009
        • comment bind-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975012
      • AND
        • comment bind-devel is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680007
        • comment bind-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975010
      • AND
        • comment bind-libs is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680019
        • comment bind-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975016
      • AND
        • comment bind-libs-lite is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680023
        • comment bind-libs-lite is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141984041
      • AND
        • comment bind-license is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680031
        • comment bind-license is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141984029
      • AND
        • comment bind-lite-devel is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680029
        • comment bind-lite-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141984039
      • AND
        • comment bind-pkcs11 is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680011
        • comment bind-pkcs11 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152655032
      • AND
        • comment bind-pkcs11-devel is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680005
        • comment bind-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152655028
      • AND
        • comment bind-pkcs11-libs is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680021
        • comment bind-pkcs11-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152655030
      • AND
        • comment bind-pkcs11-utils is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680027
        • comment bind-pkcs11-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152655023
      • AND
        • comment bind-sdb is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680013
        • comment bind-sdb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975014
      • AND
        • comment bind-sdb-chroot is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680015
        • comment bind-sdb-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141984035
      • AND
        • comment bind-utils is earlier than 32:9.9.4-50.el7_3.1
          oval oval:com.redhat.rhsa:tst:20171680017
        • comment bind-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100975008
    rhsa
    id RHSA-2017:1680
    released 2017-07-05
    severity Important
    title RHSA-2017:1680: bind security and bug fix update (Important)
rpms
  • bind-32:9.8.2-0.62.rc1.el6_9.4
  • bind-chroot-32:9.8.2-0.62.rc1.el6_9.4
  • bind-devel-32:9.8.2-0.62.rc1.el6_9.4
  • bind-libs-32:9.8.2-0.62.rc1.el6_9.4
  • bind-sdb-32:9.8.2-0.62.rc1.el6_9.4
  • bind-utils-32:9.8.2-0.62.rc1.el6_9.4
  • bind-32:9.9.4-50.el7_3.1
  • bind-chroot-32:9.9.4-50.el7_3.1
  • bind-devel-32:9.9.4-50.el7_3.1
  • bind-libs-32:9.9.4-50.el7_3.1
  • bind-libs-lite-32:9.9.4-50.el7_3.1
  • bind-license-32:9.9.4-50.el7_3.1
  • bind-lite-devel-32:9.9.4-50.el7_3.1
  • bind-pkcs11-32:9.9.4-50.el7_3.1
  • bind-pkcs11-devel-32:9.9.4-50.el7_3.1
  • bind-pkcs11-libs-32:9.9.4-50.el7_3.1
  • bind-pkcs11-utils-32:9.9.4-50.el7_3.1
  • bind-sdb-32:9.9.4-50.el7_3.1
  • bind-sdb-chroot-32:9.9.4-50.el7_3.1
  • bind-utils-32:9.9.4-50.el7_3.1
refmap via4
bid 99337
confirm
debian DSA-3904
sectrack 1038809
Last major update 16-01-2019 - 15:29
Published 16-01-2019 - 15:29
Last modified 11-02-2019 - 14:26
Back to Top