7.5

CVE-2017-3143

An error in TSIG authentication can permit unauthorized dynamic updates

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscBind Version >= 9.4.0 <= 9.8.8
IscBind Version >= 9.9.0 <= 9.9.10
IscBind Version >= 9.10.0 <= 9.10.5
IscBind Version >= 9.11.0 <= 9.11.1
IscBind Version9.9.0 Updatep1
IscBind Version9.9.3 Updates1
IscBind Version9.9.10 Updates2
IscBind Version9.10.5 Updatep1
IscBind Version9.10.5 Updates1
IscBind Version9.10.5 Updates2
IscBind Version9.11.1 Updatep1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.16% 0.969
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
security-officer@isc.org 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us
Third Party Advisory
http://www.securitytracker.com/id/1038809
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1679
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1680
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190830-0003/
https://www.debian.org/security/2017/dsa-3904
Third Party Advisory
http://www.securityfocus.com/bid/99337
Third Party Advisory
VDB Entry
https://kb.isc.org/docs/aa-01503
Vendor Advisory