Lucene search

[email protected]CVE-2017-3141

HistoryJan 16, 2019 - 8:29 p.m.

CVE-2017-3141

2019-01-1620:29:00

CWE-428

[email protected]

web.nvd.nist.gov

713

bind

windows

cve-2017-3141

service path

privilege escalation

nvd

vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.7%

JSON

The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.

CPENameOperatorVersion
isc:bindisc bindle9.11.1
isc:bindisc bindle9.10.5
isc:bindisc bindle9.9.10
isc:bindisc bindle9.8.8
isc:bindisc bindeq9.3.2
isc:bindisc bindle9.3.6
isc:bindisc bindeq9.2.6
isc:bindisc bindle9.2.9

CPE	Name	Operator	Version
isc:bind	isc bind	le	9.11.1
isc:bind	isc bind	le	9.10.5
isc:bind	isc bind	le	9.9.10
isc:bind	isc bind	le	9.8.8
isc:bind	isc bind	eq	9.3.2
isc:bind	isc bind	le	9.3.6
isc:bind	isc bind	eq	9.2.6
isc:bind	isc bind	le	9.2.9