SecurityTracker.com
Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Content
SecurityTracker Alert ID:  1038809
SecurityTracker URL:  http://securitytracker.com/id/1038809
CVE Reference:   CVE-2017-3142, CVE-2017-3143
Updated:  Jul 7 2017
Original Entry Date:  Jun 29 2017
Impact:   Disclosure of user information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.4.0 - 9.8.8, 9.9.0 - 9.9.10-P1, 9.10.0 - 9.10.5-P1, 9.11.0 - 9.11.1-P1, 9.9.3-S1 - 9.9.10-S2, 9.10.5-S1 - 9.10.5-S2
Description:   Two vulnerabilities were reported in BIND. A remote user can bypass TSIG authentication to transfer a zone or modify zone contents.

A remote user who can send and receive messages to an authoritative DNS server and who knows a valid TSIG key name can send a specially crafted request packet to bypass TSIG authentication on AXFR requests and transfer the target zone [CVE-2017-3142].

A remote user who can send and receive messages to an authoritative DNS server and who knows a valid TSIG key name can send specially crafted data to bypass TSIG authentication and cause the target server to accept an arbitrary dynamic update to the zone content [CVE-2017-3143].

Systems that rely solely on TSIG keys for access control are affected.
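The following named.conf fragment is an added illustration of that last point; it is not part of the advisory or of ISC's documentation. The first zone gates transfers and dynamic updates on a TSIG key alone (the configuration the advisory describes as affected); the second additionally requires the request to come from a known secondary address, using BIND's nested-negation ACL idiom, so that a TSIG check failure alone is not enough to transfer or modify the zone. The zone name, key names, secondary addresses and the secret value are placeholders.

```conf
// Placeholder TSIG keys (secret values are not real; generate with tsig-keygen)
key "xfer-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET_1";
};
key "update-key" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET_2";
};

// Hypothetical addresses of the authorized secondaries / update clients
acl "secondaries" { 192.0.2.10; 192.0.2.11; };

// AFFECTED PATTERN: access control relies solely on the TSIG key.
// Any host that can reach the server and knows the key *name* is one
// signature-check bypass away from a full AXFR or an accepted update.
zone "weak.example" {
    type master;
    file "weak.example.zone";
    allow-transfer { key "xfer-key"; };
    allow-update   { key "update-key"; };
};

// HARDENED PATTERN: require BOTH a permitted source address AND the key.
// "!{ !secondaries; any; }" matches every address NOT in "secondaries"
// and negates the match, i.e. it denies all other sources outright;
// only requests from "secondaries" fall through to the key element.
zone "hardened.example" {
    type master;
    file "hardened.example.zone";
    allow-transfer { !{ !secondaries; any; }; key "xfer-key"; };
    allow-update   { !{ !secondaries; any; }; key "update-key"; };
};
```

Pairing an address ACL with the key is defense in depth around the patched versions listed in the Solution, not a substitute for applying them.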

Clement Berthaux from Synacktiv reported these vulnerabilities.

Impact:   A remote user can bypass authentication to transfer a zone or modify zone contents.
Solution:   The vendor has issued a fix (9.9.10-P2, 9.10.5-P2, 9.11.1-P2).

[Editor's note: On July 6, 2017, the vendor reported that the fix for CVE-2017-3142 introduced a regression error, causing interoperability issues with other DNS software in certain cases. A patch is pending.]

The vendor advisories are available at:

https://kb.isc.org/article/AA-01503
https://kb.isc.org/article/AA-01504

Vendor URL:  kb.isc.org/article/AA-01504
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 30 2017 (Ubuntu Issues Fix) BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Content
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS, 16.04 LTS, 16.10, and 17.04.
Jul 6 2017 (Red Hat Issues Fix) BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Content
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Jul 6 2017 (Red Hat Issues Fix) BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Content
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Jul 6 2017 (CentOS Issues Fix) BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Content
CentOS has issued a fix for CentOS 6.
Jul 6 2017 (CentOS Issues Fix) BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Content
CentOS has issued a fix for CentOS 7.
Aug 26 2017 (IBM Issues Fix for IBM AIX) BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Content
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, 7.1.4, 7.2.0, and 7.2.1.
Sep 6 2017 (HPE Issues Fix) BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Content
HPE has issued a fix for HP-UX B.11.31.

Copyright 2017, SecurityGlobal.net LLC