CVE-2017-3142
MEDIUMBIND 9.4.0-9.11.1-P1 TSIG Authentication Bypass via AXFR Request
Title source: llmDescription
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
References (8)
Core 8
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1680
Third Party Advisory x_refsource_confirm
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1679
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99339
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038809
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-3904
Vendor Advisory x_refsource_confirm
https://kb.isc.org/docs/aa-01504
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190830-0003/
Scores
CVSS v3
5.3
EPSS
0.0495
EPSS Percentile
89.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-20
Status
published
Products (23)
debian/debian_linux
8.0
debian/debian_linux
9.0
isc/bind
9.9.0 p1
isc/bind
9.9.3 s1
isc/bind
9.9.10 s2
isc/bind
9.10.5 p1 (3 CPE variants)
isc/bind
9.11.1 p1
isc/bind
9.4.0 - 9.8.8
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_desktop
7.0
... and 13 more
Published
Jan 16, 2019
Tracked Since
Feb 18, 2026