Vulnerability Details : CVE-2017-3142
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
Vulnerability category: Input validation
Products affected by CVE-2017-3142
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*
Threat overview for CVE-2017-3142
Top countries where our scanners detected CVE-2017-3142
Top open port discovered on systems with this issue
53
IPs affected by CVE-2017-3142 322,310
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2017-3142!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2017-3142
1.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-3142
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
3.7
|
LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
2.2
|
1.4
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
Internet Systems Consortium (ISC) |
CWE ids for CVE-2017-3142
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-3142
-
https://access.redhat.com/errata/RHSA-2017:1680
RHSA-2017:1680 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/99339
ISC BIND CVE-2017-3142 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us
HPESBUX03772 rev.1 - HP-UX BIND Service Running Named, Multiple VulnerabilitiesThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20190830-0003/
July 2017 ISC BIND Vulnerabilities in NetApp Products | NetApp Product Security
-
https://www.debian.org/security/2017/dsa-3904
Debian -- Security Information -- DSA-3904-1 bind9Third Party Advisory
-
https://kb.isc.org/docs/aa-01504
CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers - Security AdvisoriesVendor Advisory
-
https://access.redhat.com/errata/RHSA-2017:1679
RHSA-2017:1679 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securitytracker.com/id/1038809
BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Conetnt - SecurityTrackerThird Party Advisory;VDB Entry
Jump to