CVE-2017-3142 : An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSI

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

Published 2019-01-16 20:29:01

Updated 2019-08-30 17:15:10

Source Internet Systems Consortium (ISC)

View at NVD, CVE.org

Vulnerability category: Input validation

Threat overview for CVE-2017-3142

Top countries where our scanners detected CVE-2017-3142

Top open port discovered on systems with this issue 53

IPs affected by CVE-2017-3142 290,102

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-3142!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-3142

Probability of exploitation activity in the next 30 days: 1.02%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-3142

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
3.7	LOW	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N	2.2	1.4	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	Internet Systems Consortium (ISC)
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2017-3142

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-3142

https://access.redhat.com/errata/RHSA-2017:1680

RHSA-2017:1680 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/99339

ISC BIND CVE-2017-3142 Security Bypass Vulnerability
Third Party Advisory;VDB Entry
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us

HPESBUX03772 rev.1 - HP-UX BIND Service Running Named, Multiple Vulnerabilities
Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20190830-0003/

July 2017 ISC BIND Vulnerabilities in NetApp Products | NetApp Product Security

CVEs referencing this url
https://www.debian.org/security/2017/dsa-3904

Debian -- Security Information -- DSA-3904-1 bind9
Third Party Advisory

CVEs referencing this url
https://kb.isc.org/docs/aa-01504

CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers - Security Advisories
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1679

RHSA-2017:1679 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1038809

BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Conetnt - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2017-3142