Skip to content
GitLab
Closed
Issue created by Alicha CH@alichaReporter

[3.6] bind: Multiple vulnerabilities (CVE-2017-3142, CVE-2017-3143)

CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers

Affected versions:

9.4.09.8.8, 9.9.0>9.9.10-P1, 9.10.09.10.5-P1, 9.11.0>9.11.1-P1

Fixed in:

BIND 9 version 9.11.1-P2

Reference:

https://kb.isc.org/article/AA-01504

CVE-2017-3143: An error in TSIG authentication can permit unauthorized dynamic updates

Affected versions:

9.4.09.8.8, 9.9.0>9.9.10-P1, 9.10.09.10.5-P1, 9.11.0>9.11.1-P1

Fixed in:

BIND 9 version 9.11.1-P2

Reference:

https://kb.isc.org/article/AA-01503/74/CVE-2017-3143%3A-An-error-in-TSIG-authentication-can-permit-unauthorized-dynamic-updates.html

(from redmine: issue id 7497, created on 2017-07-11, closed on 2017-08-07)

  • Relations:
  • Changesets:
    • Revision 4105cc0c by Francesco Colista on 2017-08-07T14:28:48Z:
main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7497
  • Revision 000448bf by Francesco Colista on 2017-08-07T14:39:01Z:
main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7497
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information