4.3
CVSSv2

CVE-2017-3143

Published: 16/01/2019 Updated: 30/08/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

Vulnerability Trend

Affected Products

Vendor Product Versions
IscBind9.4.0, 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1, 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.1, 9.4.2, 9.4.3, 9.4.3b1, 9.4.3b2, 9.4.3b3, 9.5, 9.5.0, 9.5.0-p1, 9.5.0-p2, 9.5.0-p2-w1, 9.5.0-p2-w2, 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5, 9.5.0a6, 9.5.0a7, 9.5.0b1, 9.5.0b2, 9.5.0b3, 9.5.1, 9.5.1b1, 9.5.1b2, 9.5.1b3, 9.5.2, 9.5.2-p1, 9.5.2-p2, 9.5.2-p3, 9.5.2-p4, 9.5.2b1, 9.5.3, 9.5.3b1, 9.6, 9.6-esv, 9.6-esv-r1, 9.6-esv-r2, 9.6-esv-r3, 9.6-esv-r4, 9.6-esv-r4-p1, 9.6-esv-r5, 9.6-esv-r5b1, 9.6-esv-r6, 9.6-esv-r7, 9.6-esv-r9, 9.6.0, 9.6.0a1, 9.6.0b1, 9.6.1, 9.6.1b1, 9.6.2, 9.6.2-p1, 9.6.2-p2, 9.6.2-p3, 9.6.2b1, 9.6.3, 9.6.3b1, 9.7.0, 9.7.0a1, 9.7.0a2, 9.7.0a3, 9.7.0b1, 9.7.0b2, 9.7.0b3, 9.7.1, 9.7.1b1, 9.7.2, 9.7.3, 9.7.4, 9.7.4b1, 9.7.5, 9.7.6, 9.7.7, 9.8.0, 9.8.1, 9.8.2, 9.8.3, 9.8.4, 9.8.5, 9.8.6, 9.9.0, 9.9.1, 9.9.2, 9.9.3, 9.9.4, 9.9.5, 9.9.6, 9.9.7, 9.9.8, 9.9.9, 9.9.10, 9.10.0, 9.10.1, 9.10.2, 9.10.3, 9.10.4, 9.10.5, 9.11.0, 9.11.1
DebianDebian Linux8.0, 9.0
RedhatEnterprise Linux Desktop6.0, 7.0
RedhatEnterprise Linux Server6.0, 7.0
RedhatEnterprise Linux Server Aus7.3, 7.4, 7.6
RedhatEnterprise Linux Server Eus7.3, 7.4, 7.5, 7.6
RedhatEnterprise Linux Server Tus7.3, 7.6
RedhatEnterprise Linux Workstation6.0, 7.0

Vendor Advisories

Synopsis Important: bind security and bug fix update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...
Synopsis Important: bind security and bug fix update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...
Bind could be made to serve incorrect information or expose sensitive information over the network ...
Clément Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server CVE-2017-3142 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key nam ...
USN-3346-1 introduced a regression in Bind ...
Bind could be made to serve incorrect information or expose sensitive information over the network ...
Debian Bug report logs - #866564 bind9: CVE-2017-3142 CVE-2017-3143 Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 30 Jun 2017 04:21:01 UTC Severity: grave Tags: patch, security, upstream Found in version ...
A flaw was found in the way BIND handled TSIG authentication for dynamic updates A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request ...
Security Fix(es): A flaw was found in the way BIND handled TSIG authentication for dynamic updates A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request A flaw was found in the way BIND handled TSIG ...
Arch Linux Security Advisory ASA-201707-3 ========================================= Severity: High Date : 2017-07-04 CVE-ID : CVE-2017-3142 CVE-2017-3143 Package : bind Type : access restriction bypass Remote : Yes Link : securityarchlinuxorg/AVG-335 Summary ======= The package bind before version 9111P2-1 is vulnerable t ...
An error in TSIG authentication has been found in Bind <= 9111-P1, allowing a remote attacker to bypass authentication in order to perform unauthorized zone updates, altering the content of the zone The attacker needs to have knowledge of the key name, and should be allowed by the other ACL restrictions if any ...
Oracle VM Server for x86 Bulletin - July 2017 Description The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin Oracle VM Server for x86 Bulletins are published on the same day ...
Oracle Solaris Third Party Bulletin - January 2018 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critica ...
Oracle Linux Bulletin - July 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...

Github Repositories

Awesome Vulnerability Research A curated list of the awesome resources about the Vulnerability Research First things first: There are no exploits in this project Vulnerabilities != Exploits A Vulnerability resides in the software itself, doing nothing on its own If you are really curious about then you’ll find your own way to discover a flow, this list aimed to help

Awesome Vulnerability Research A curated list of the awesome resources about the Vulnerability Research First things first: There are no exploits in this project Vulnerabilities != Exploits A Vulnerability resides in the software itself, doing nothing on its own If you are really curious about then you’ll find your own way to discover a flow, this list aimed to help

TSIG Bypass exploit Exploit for CVE-2017-3143 in Bind and CVE-2017-11104 in Knot DNS See wwwsynacktivcom/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktivpdf for more info Author Clément Berthaux - clement (dot) berthaux (at) synacktiv (dot) com

BIND 9 Contents Introduction Reporting bugs and getting help Contributing to BIND BIND 911 features Building BIND macOS Compile-time options Automated testing Documentation Change log Acknowledgments Introduction BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol The BIND name server, named, is able t

BIND 9 Contents Introduction Reporting bugs and getting help Contributing to BIND BIND 911 features Building BIND macOS Compile-time options Automated testing Documentation Change log Acknowledgments Introduction BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol The BIND name server, named, is able t

vulners-yum-scanner Note: quick and dirty 8-) CLI utility for scanning a Yum repository against Vulners for advisories/CVE's This utility supports the following commands audit - Using a repo url (public or private), download the primary repo XML file, get the latest packages, and utilize the Vulners API to search for advisories/CVE's based on package version info,

BIND 9 Contents Introduction Reporting bugs and getting help Contributing to BIND BIND 911 features Building BIND macOS Compile-time options Automated testing Documentation Change log Acknowledgments Introduction BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol The BIND name server, named, is able t

BIND 9 Contents Introduction Reporting bugs and getting help Contributing to BIND BIND 911 features Building BIND macOS Compile-time options Automated testing Documentation Change log Acknowledgments Introduction BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the DNS (Domain Name System) protocol The BIND name server, named, is able t