CVE-2017-3143 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2017-3143?

CVE-2017-3143 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-3143?

Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.

Vulnerability Description

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Isc	Bind	>= 9.4.0, <= 9.8.8
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	7.3
Redhat	Enterprise Linux Server Eus	7.3
Redhat	Enterprise Linux Server Tus	7.3
Redhat	Enterprise Linux Workstation	6.0
Debian	Debian Linux	8.0

References

http://www.securityfocus.com/bid/99337Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038809Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:1679Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1680Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_naThird Party Advisory
https://kb.isc.org/docs/aa-01503Vendor Advisory
https://security.netapp.com/advisory/ntap-20190830-0003/
https://www.debian.org/security/2017/dsa-3904Third Party Advisory
http://www.securityfocus.com/bid/99337Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038809Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:1679Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1680Third Party Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_naThird Party Advisory
https://kb.isc.org/docs/aa-01503Vendor Advisory
https://security.netapp.com/advisory/ntap-20190830-0003/

FAQ

What is CVE-2017-3143?

CVE-2017-3143 is a vulnerability with a CVSS score of 7.5 (HIGH). An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIN...

How severe is CVE-2017-3143?

CVE-2017-3143 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-3143?

Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.