Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-3143
HistoryJun 29, 2017 - 12:00 a.m.

CVE-2017-3143

2017-06-2900:00:00
ubuntu.com
ubuntu.com
27

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.055

Percentile

93.4%

An attacker who is able to send and receive messages to an authoritative
DNS server and who has knowledge of a valid TSIG key name for the zone and
service being targeted may be able to manipulate BIND into accepting an
unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1,
9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2,
9.10.5-S1->9.10.5-S2.

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchbind9< 1:9.10.3.dfsg.P4-10.1ubuntu7UNKNOWN
ubuntu14.04noarchbind9< 1:9.9.5.dfsg-3ubuntu0.15UNKNOWN
ubuntu16.04noarchbind9< 1:9.10.3.dfsg.P4-8ubuntu1.7UNKNOWN
ubuntu16.10noarchbind9< 1:9.10.3.dfsg.P4-10.1ubuntu1.7UNKNOWN
ubuntu17.04noarchbind9< 1:9.10.3.dfsg.P4-10.1ubuntu5.1UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.055

Percentile

93.4%