Rapid7 Vulnerability & Exploit Database

Ubuntu: USN-3346-2: Bind regression

Back to Search

Ubuntu: USN-3346-2: Bind regression

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
09/18/2017
Created
07/25/2018
Added
09/18/2017
Modified
07/09/2020

Description

USN-3346-1 fixed vulnerabilities in Bind. The fix forCVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case where TSIG is used and not every message is signed. This update fixes the problem.

In addition, this update adds the new root zone key signing key (KSK).

Original advisory details:

Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. (CVE-2017-3143) Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An attacker could use this to improperly transfer entire zones. (CVE-2017-3142)

Solution(s)

  • ubuntu-upgrade-bind9

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;