5.9

CVE-2017-11104

Exploit
Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Knot-dnsKnot Dns Version <= 2.4.4
Knot-dnsKnot Dns Version2.5.0
Knot-dnsKnot Dns Version2.5.1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.68% 0.839
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00076.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00078.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00089.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00049.html
Broken Link
http://www.debian.org/security/2017/dsa-3910
Third Party Advisory
http://www.securityfocus.com/bid/99598
Broken Link
http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
Patch
Third Party Advisory
Exploit
Mitigation
https://bugs.debian.org/865678
Third Party Advisory
Issue Tracking
https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
Patch
Third Party Advisory
Broken Link
Mailing List