nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.BIND9_CVE-2017-3143.NASL
HistoryJul 05, 2017 - 12:00 a.m.

ISC BIND 9 < 9.9.10-P2 / 9.9.10-S3 / 9.10.5-P2 / 9.10.5-S3 / 9.11.1-P2 Multiple Vulnerabilities

2017-07-05 00:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
52

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.04 Low

EPSS

Percentile

92.1%

According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is 9.9.x prior to 9.9.10-P2 or 9.9.10-S3, 9.10.x prior to 9.10.5-P2 or 9.10.5-S3, or 9.11.x prior to 9.11.1-P2. It is, therefore, affected by multiple vulnerabilities :

  • A flaw exists in the Transaction Signature (TSIG) authentication implementation when handling received messages. An unauthenticated, remote attacker can exploit this, via a specially crafted request packet, to circumvent TSIG authentication of AXFR requests. Note that to exploit this issue the attacker must be able to send and receive messages to an authoritative DNS server and have knowledge of a valid TSIG key name.
    (CVE-2017-3142)

  • A flaw exists in the Transaction Signature (TSIG) authentication implementation when handling messages.
    An unauthenticated, remote attacker can exploit this to manipulate BIND into accepting an unauthorized dynamic update. Note that to exploit this issue the attacker must be able to send and receive messages to an authoritative DNS server and have knowledge of a valid TSIG key name for the zone and service being targeted.
    (CVE-2017-3143)

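Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number. Because the check is version-only, the script below runs only when the scan's report paranoia is at least 2, and a finding should be confirmed against the patch level actually installed on the server.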

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin metadata. When `description` is set, this branch registers the
# plugin's ID, CVE/BID references, report text, scoring and dependencies,
# then exits (see exit(0) below) without running the version check.
if (description)
{
  script_id(101232);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/12");

  # Both TSIG authentication issues are covered by this single plugin.
  script_cve_id("CVE-2017-3142", "CVE-2017-3143");
  script_bugtraq_id(99337, 99339);

  script_name(english:"ISC BIND 9 < 9.9.10-P2 / 9.9.10-S3 / 9.10.5-P2 / 9.10.5-S3 / 9.11.1-P2 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of BIND.");

  script_set_attribute(attribute:"synopsis", value:
"The remote name server is affected by multiple vulnerabilities.");
  # The description states the detection limit explicitly: the result is
  # derived from the self-reported version only, not from probing TSIG.
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the instance of ISC BIND 9
running on the remote name server is 9.9.x prior to 9.9.10-P2 or
9.9.10-S3, 9.10.x prior to 9.10.5-P2 or 9.10.5-S3, or 9.11.x prior to
9.11.1-P2. It is, therefore, affected by multiple vulnerabilities :

  - A flaw exists in the Transaction Signature (TSIG)
    authentication implementation when handling received
    messages. An unauthenticated, remote attacker can
    exploit this, via a specially crafted request packet, to
    circumvent TSIG authentication of AXFR requests. Note
    that to exploit this issue the attacker must be able to
    send and receive messages to an authoritative DNS
    server and have knowledge of a valid TSIG key name.
    (CVE-2017-3142)

  - A flaw exists in the Transaction Signature (TSIG)
    authentication implementation when handling messages.
    An unauthenticated, remote attacker can exploit this to
    manipulate BIND into accepting an unauthorized dynamic
    update. Note that to exploit this issue the attacker
    must be able to send and receive messages to an
    authoritative DNS server and have knowledge of a valid
    TSIG key name for the zone and service being targeted.
    (CVE-2017-3143)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  # Vendor knowledge-base articles referenced by the plugin.
  script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01503");
  script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01504");
  script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01505");
  script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01506");
  script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01507");
  script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01508");
  script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01509");
  script_set_attribute(attribute:"solution", value:
"Upgrade to ISC BIND version 9.9.10-P2 / 9.9.10-S3 / 9.10.5-P2 /
9.10.5-S3 / 9.11.1-P2 or later.");
  # Scoring: integrity-only impact, reachable over the network without
  # authentication. The score source is CVE-2017-3143 (set below).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  # NOTE(review): this CVSS3 base vector uses AC:H, while the CVSS3 vector
  # shown in the page text around this listing uses AC:L (7.5). Confirm
  # which source a risk rating should follow before prioritising on it.
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3143");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/05");

  # Flagged as a potential vulnerability; this is consistent with the
  # version-only detection described above.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"DNS");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Depends on bind_version.nasl and requires two KB keys: "bind/version"
  # (read by the check body) and "Settings/ParanoidReport".
  script_dependencies("bind_version.nasl");
  script_require_keys("bind/version", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

# Version check. Reads the BIND version string from the KB and compares it
# with the affected ranges by regular expression only; no TSIG request is
# sent to the server.
ver = get_kb_item_or_exit("bind/version");

# Only run when report paranoia is at least 2; otherwise audit out.
# A version-only match cannot account for fixes applied without a version
# change, so the finding is treated as unconfirmed.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

if (
  # 9.9.0 - 9.9.9, with any non-digit suffix
  ver =~ "^9\.9\.[0-9]($|[^0-9])" ||
  # 9.9.10 itself, its a/b/beta/rc pre-releases, -P0/-P1 and -S0..-S2
  # (fixed in 9.9.10-P2 / 9.9.10-S3). Anchored with '$': a string with any
  # other trailing text does not match.
  ver =~ "^9\.9\.10((([ab]|beta|rc)[0-9]*)|(-P[0-1])|(-S[0-2]))?$" ||

  # 9.10.0 - 9.10.4, with any non-digit suffix
  ver =~ "^9\.10\.[0-4]($|[^0-9])" ||
  # 9.10.5 itself, pre-releases, -P0/-P1 and -S0..-S2
  # (fixed in 9.10.5-P2 / 9.10.5-S3); same '$' anchoring as above
  ver =~ "^9\.10\.5((([ab]|beta|rc)[0-9]*)|(-P[0-1])|(-S[0-2]))?$" ||

  # 9.11.0, with any non-digit suffix
  ver =~ "^9\.11\.0($|[^0-9])" ||
  # 9.11.1 itself, pre-releases and -P0/-P1 (fixed in 9.11.1-P2);
  # no -S alternative is listed for this branch
  ver =~ "^9\.11\.1((([ab]|beta|rc)[0-9]*)|(-P[0-1]))?$"
)
{
  # Report the installed version next to the fixed releases.
  items = make_array(
    "Installed version", ver,
    "Fixed version", "9.9.10-P2 / 9.9.10-S3 / 9.10.5-P2 / 9.10.5-S3 / 9.11.1-P2"
  );
  order = make_list("Installed version", "Fixed version");
  # The finding is always attributed to 53/udp; the port and protocol are
  # hard-coded here rather than read from the KB.
  security_report_v4(
    severity:SECURITY_WARNING,
    port:53,
    proto:"udp",
    extra:report_items_str(
      report_items:items,
      ordered_fields:order
    )
  );
}
# Any version string that matches none of the patterns is audited as not
# vulnerable. That includes branches other than 9.9 / 9.10 / 9.11 and
# boundary releases (9.9.10, 9.10.5, 9.11.1) carrying extra trailing text.
# NOTE(review): confirm against the ISC advisories whether older branches
# are affected, and what string format bind_version.nasl stores, before
# treating this audit result as evidence that a server is patched.
else audit(AUDIT_LISTEN_NOT_VULN, "BIND", 53, ver, "UDP");
Vendor | Product | Version | CPE
isc | bind | | cpe:/a:isc:bind

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.04 Low

EPSS

Percentile

92.1%