vulnerability

Ubuntu: USN-3346-2: Bind regression

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Sep 18, 2017	Sep 18, 2017	Feb 19, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Sep 18, 2017

Added

Sep 18, 2017

Modified

Feb 19, 2025

Description

USN-3346-1 fixed vulnerabilities in Bind. The fix forCVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem.

In addition, this update adds the new root zone key signing key (KSK).

Original advisory details:

ClÃ©ment Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) ClÃ©ment Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142)

Solution

ubuntu-upgrade-bind9

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today