CVSS2 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Attack Vector : NETWORK
Attack Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : NONE
Integrity Impact : PARTIAL
Availability Impact : NONE

CVSS3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : NONE
Integrity Impact : HIGH
Availability Impact : NONE

EPSS Percentile : 93.4%

Severity: High
Date : 2017-07-04
CVE-ID : CVE-2017-3142 CVE-2017-3143
Package : bind
Type : access restriction bypass
Remote : Yes
Link : https://security.archlinux.org/AVG-335
The package bind before version 9.11.1.P2-1 is vulnerable to access
restriction bypass.
Upgrade to 9.11.1.P2-1.
The problems have been fixed upstream in version 9.11.1.P2.
Workaround : None.
CVE-2017-3142: An error in TSIG authentication has been found in BIND
<= 9.11.1-P1, allowing a remote attacker to bypass authentication in
order to perform unauthorized zone transfers or forge NOTIFY packets.
The attacker needs to have knowledge of the key name, and should be
allowed by the other ACL restrictions if any.

CVE-2017-3143: An error in TSIG authentication has been found in BIND
<= 9.11.1-P1, allowing a remote attacker to bypass authentication in
order to perform unauthorized zone updates, altering the content of the
zone. The attacker needs to have knowledge of the key name, and should
be allowed by the other ACL restrictions if any.
A remote attacker can bypass authentication in order to retrieve or
update the content of a zone.
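
Both descriptions note that the attacker must still pass any other ACL restrictions, so the zones most exposed are those where a TSIG key is accepted from any address. The following audit script is an added example, not part of the advisory or of BIND: it flags `allow-transfer`, `allow-update` and `allow-notify` lists in which a `key` element can match before any negated (deny) element. The sample configuration and key names are constructed, and named ACLs referenced by name are not expanded.

```python
import re

# Options whose address match list can be satisfied by a TSIG key.
OPTIONS = r"(?<![\w-])(allow-transfer|allow-update|allow-notify)(?![\w-])"

# Constructed named.conf fragment (zone and key names are hypothetical).
SAMPLE = '''
zone "example.com" {
    allow-transfer { key "xfer-key"; };  // key only
    allow-update { !{ !192.0.2.53; any; }; key "ddns-key"; };  // address AND key
};
zone "example.net" {
    allow-transfer { 192.0.2.10; key "secondary-key"; };  // address OR key
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments from named.conf text."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def match_list_elements(text, start):
    """Top-level elements of the brace-delimited list opening at or after start."""
    i = text.index("{", start) + 1
    elems, depth, cur = [], 1, ""
    while depth:
        ch = text[i]
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == ";" and depth == 1:
            elems.append(cur.strip())
            cur = ""
        elif depth:
            cur += ch
        i += 1
    return [e for e in elems if e]

def audit(conf):
    """Return (option, key_name) pairs where the key is accepted from any address."""
    conf = strip_comments(conf)
    findings = []
    for m in re.finditer(OPTIONS, conf):
        negated_seen = False
        for elem in match_list_elements(conf, m.end()):
            # Elements are tried in order; an earlier deny rule may limit addresses.
            negated_seen = negated_seen or elem.startswith("!")
            key = re.match(r'key\s+"?([^\s";]+)"?$', elem)
            if key and not negated_seen:
                findings.append((m.group(1), key.group(1)))
    return findings

print(audit(SAMPLE))
```

Elements of an address match list are alternatives, so an IP address listed next to a key does not restrict where the key may be used from; only the nested negation form in the `allow-update` line ties the key to an address.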
https://kb.isc.org/article/AA-01504/74/CVE-2017-3142%3A-An-error-in-TSIG-authentication-can-permit-unauthorized-zone-transfers.html
https://kb.isc.org/article/AA-01503/74/CVE-2017-3143%3A-An-error-in-TSIG-authentication-can-permit-unauthorized-dynamic-updates.html
https://security.archlinux.org/CVE-2017-3142
https://security.archlinux.org/CVE-2017-3143