Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-3143

Опубликовано: 16 янв. 2019
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 4.3
CVSS3: 7.5

Описание

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

РелизСтатусПримечание
artful

released

1:9.10.3.dfsg.P4-10.1ubuntu7
devel

released

1:9.10.3.dfsg.P4-10.1ubuntu7
esm-infra-legacy/trusty

released

1:9.9.5.dfsg-3ubuntu0.15
esm-infra/xenial

released

1:9.10.3.dfsg.P4-8ubuntu1.7
precise/esm

not-affected

1:9.8.1.dfsg.P1-4ubuntu0.23
trusty

released

1:9.9.5.dfsg-3ubuntu0.15
trusty/esm

released

1:9.9.5.dfsg-3ubuntu0.15
upstream

needs-triage

vivid/ubuntu-core

ignored

end of life
xenial

released

1:9.10.3.dfsg.P4-8ubuntu1.7

Показывать по

Ссылки на источники

EPSS

Процентиль: 96%
0.27638
Средний

4.3 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-3143

CVSS3: 7.5
redhat
больше 8 лет назад

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

nvd логотип

CVE-2017-3143

CVSS3: 7.5
nvd
почти 7 лет назад

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

debian логотип

CVE-2017-3143

CVSS3: 7.5
debian
почти 7 лет назад

An attacker who is able to send and receive messages to an authoritati ...

github логотип

GHSA-jxfm-jqx8-8h25

CVSS3: 5.9
github
больше 3 лет назад

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

fstec логотип

BDU:2018-00105

CVSS3: 7.5
fstec
больше 8 лет назад

Уязвимость реализации протокола TSIG DNS-сервера BIND, позволяющая нарушителю обойти процедуру аутентификации и получить корректную подпись для произвольных данных

EPSS

Процентиль: 96%
0.27638
Средний

4.3 Medium

CVSS2

7.5 High

CVSS3