179 matches found
Security Bulletin: IBM i is affected by networking BIND vulnerabilities (CVE-2017-3142 and CVE-2017-3143)
Summary ISC BIND is vulnerable to several security vulnerabilities. IBM i has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-3142 DESCRIPTION: ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when an attacker can send and receive...
CVE-2017-3143
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...
ALPINE-CVE-2017-3143
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...
Design/Logic Flaw
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...
DEBIAN-CVE-2017-3143
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...
CVE-2017-3143 An error in TSIG authentication can permit unauthorized dynamic updates
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...
CVE-2017-3143
The CVE-2017-3143 issue is a TSIG authentication bypass in ISC BIND that could allow an attacker who can communicate with an authoritative DNS server and knows a valid TSIG key name to manipulate BIND into accepting an unauthorized dynamic update. The vulnerability affects multiple BIND releases ...
Security Bulletin: Vulnerabilities in ISC BIND affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in ISC BIND. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-3143 DESCRIPTION: ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when an attacker can send and receive messag...
F5 Networks BIG-IP : BIND vulnerability (K02230327)
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...
2017-11 Dynamic Cumulative Update for Windows 10 Version 1709 for ARM64-based Systems (KB4048955)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
2017-10 Dynamic Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4043961)
ComponentUpdate: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft...
Debian DLA-1025-1 : bind9 security update
CVE-2017-3142 An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for...
Debian DSA-3904-1 : bind9 - security update
Clement Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server. - CVE-2017-3142 An attacker who is able to send and receive messages to an authoritative DNS server...
[SECURITY] [DSA 3904-1] bind9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3904-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez July 08, 2017 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3904-1 (bind9 - security update)
Clément Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS server implementation. They allow an attacker to bypass TSIG authentication by sending crafted DNS packets to a server. CVE-2017-3142 An attacker who is able to send and receive messages to an authoritative DNS server an...
openSUSE Security Update : bind (openSUSE-2017-783)
This update for bind fixes the following issues : - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into 1 providing a...
SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:1736-1)
This update for bind fixes the following issues : - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into 1 providing a...
SUSE-SU-2017:1736-1 Security update for bind
This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into 1 providing an...
SUSE-SU-2017:1738-1 Security update for bind
This update for bind fixes the following issues: - An attacker with the ability to send and receive messages to an authoritative DNS server was able to circumvent TSIG authentication of AXFR requests. A server that relied solely on TSIG keys for protection could be manipulated into 1 providing an...
CVE-2017-3143
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...