oss-sec mailing list archives
Re: ISC announces two BIND vulnerabilities
From: Yves-Alexis Perez <corsac () debian org>
Date: Fri, 30 Jun 2017 15:11:50 +0200
On Fri, 2017-06-30 at 12:41 +0200, Yves-Alexis Perez wrote:
CVE-2017-3043: An error in TSIG authentication can permit unauthorized dynamic updates
Sorry, this is a typo. It should be CVE-2017-3143. My apologies to ISC and all for the confusion.
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update.
-- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- ISC announces two BIND vulnerabilities ISC Security Officer (Jun 30)
- Re: ISC announces two BIND vulnerabilities Yves-Alexis Perez (Jun 30)
- Re: ISC announces two BIND vulnerabilities Solar Designer (Jun 30)
- Re: ISC announces two BIND vulnerabilities Yves-Alexis Perez (Jun 30)
- Re: ISC announces two BIND vulnerabilities Yves-Alexis Perez (Jun 30)