CVE-2017-3142 in BINDजानकारी

सारांश

द्वारा MITRE

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

जिम्मेदार

Internet Systems Consortium (ISC)

आरक्षित करना

02/12/2016

प्रकटीकरण

16/01/2019

संयम

स्वीकृत

प्रविष्टि

VDB-102964

CPE

तैयार

CWE

CWE-20 (पुष्टि की गई)

CVSS

3.7 (NVD)

EPSS

0.04951

KEV

नहीं

गतिविधियाँ

बहुत कम

क्षेत्र

Insurance, Pharma, ...

स्रोत

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-3142
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-3142
CVE Details	https://www.cvedetails.com/cve/CVE-2017-3142/

◂ पिछला सिंहावलोकन अगला ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!