Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3904-2:091C3
HistoryJul 23, 2017 - 7:07 p.m.

[SECURITY] [DSA 3904-2] bind9 regression update

2017-07-2319:07:02
lists.debian.org
12

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.7%

JSON

Debian Security Advisory DSA-3904-2 [email protected]
https://www.debian.org/security/ Yves-Alexis Perez
July 23, 2017 https://www.debian.org/security/faq

Package : bind9
Debian Bug : 868952

The security update announced as DSA-3904-1 in bind9 introduced a regression.
The fix for CVE-2017-3142 broke verification of TSIG signed TCP message
sequences where not all the messages contain TSIG records. This is conform to
the spec and may be used in AXFR and IXFR response.

For the oldstable distribution (jessie), this problem has been fixed
in version 1:9.9.5.dfsg-9+deb8u13.

For the stable distribution (stretch), this problem has been fixed in
version 1:9.10.3.dfsg.P4-12.3+deb9u2.

For the testing distribution (buster), this problem has been fixed
in version 1:9.10.3.dfsg.P4-12.5.

For the unstable distribution (sid), this problem has been fixed in
version 1:9.10.3.dfsg.P4-12.5.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8mipslibirs-export91< 1:9.9.5.dfsg-9+deb8u13libirs-export91_1:9.9.5.dfsg-9+deb8u13_mips.deb
Debian8i386libisc-export95-udeb< 1:9.9.5.dfsg-9+deb8u13libisc-export95-udeb_1:9.9.5.dfsg-9+deb8u13_i386.deb
Debian9mipsellibisccc-export140< 1:9.10.3.dfsg.P4-12.3+deb9u2libisccc-export140_1:9.10.3.dfsg.P4-12.3+deb9u2_mipsel.deb
Debian9armhflibirs141< 1:9.10.3.dfsg.P4-12.3+deb9u2libirs141_1:9.10.3.dfsg.P4-12.3+deb9u2_armhf.deb
Debian8kfreebsd-amd64libisccfg-export90-udeb< 1:9.9.5.dfsg-9+deb8u13libisccfg-export90-udeb_1:9.9.5.dfsg-9+deb8u13_kfreebsd-amd64.deb
Debian8kfreebsd-amd64libisc95< 1:9.9.5.dfsg-9+deb8u13libisc95_1:9.9.5.dfsg-9+deb8u13_kfreebsd-amd64.deb
Debian8kfreebsd-amd64libdns-export100< 1:9.9.5.dfsg-9+deb8u13libdns-export100_1:9.9.5.dfsg-9+deb8u13_kfreebsd-amd64.deb
Debian9armhflibirs141-dbgsym< 1:9.10.3.dfsg.P4-12.3+deb9u2libirs141-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u2_armhf.deb
Debian9arm64bind9utils-dbgsym< 1:9.10.3.dfsg.P4-12.3+deb9u2bind9utils-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u2_arm64.deb
Debian9arm64libisccfg-export140-dbgsym< 1:9.10.3.dfsg.P4-12.3+deb9u2libisccfg-export140-dbgsym_1:9.10.3.dfsg.P4-12.3+deb9u2_arm64.deb
Rows per page:
1-10 of 6681

Related

prion 1
cvelist 1
f5 1
veracode 1
osv 3
nvd 1
debiancve 1
nessus 38
ubuntucve 1
openvas 31
debian 3
ibm 8
alpinelinux 1
redhatcve 1
cve 1
suse 4
slackware 1
ubuntu 3
cloudfoundry 2
oraclelinux 2
fedora 13
centos 2
archlinux 1
redhat 2
aix 1
amazon 1
altlinux 2
mageia 1
prion
prion
Design/Logic Flaw
2019-01-16 20:29:00
cvelist
cvelist
CVE-2017-3142 An error in TSIG authentication can permit unauthorized zone transfers
2017-06-29 00:00:00
f5
f5
K59448931 : BIND vulnerability CVE-2017-3142
2017-06-30 00:00:00
veracode
veracode
Authentication Bypass
2019-01-15 09:18:18
osv
osv
CVE-2017-3142
2019-01-16 20:29:00
bind9 - security update
2017-07-13 00:00:00
bind9 - security update
2017-07-08 00:00:00
nvd
nvd
CVE-2017-3142
2019-01-16 20:29:00
debiancve
debiancve
CVE-2017-3142
2019-01-16 20:29:00
nessus
nessus
F5 Networks BIG-IP : BIND vulnerability (K59448931)
2017-12-26 00:00:00
OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0122)
2017-07-06 00:00:00
CentOS 7 : bind (CESA-2017:1680)
2017-07-06 00:00:00
ubuntucve
ubuntucve
CVE-2017-3142
2017-06-29 00:00:00
openvas
openvas
ISC BIND Information Disclosure Vulnerability (CVE-2017-3142) - Linux
2021-09-06 00:00:00
ISC BIND Information Disclosure Vulnerability (CVE-2017-3142) - Windows
2021-09-06 00:00:00
CentOS Update for bind CESA-2017:1680 centos7
2017-07-06 00:00:00
debian
debian
[SECURITY] [DLA 1025-2] bind9 regression update
2017-07-25 17:35:38
[SECURITY] [DSA 3904-1] bind9 security update
2017-07-08 12:56:02
[SECURITY] [DLA 1025-1] bind9 security update
2017-07-13 20:23:07
ibm
ibm
Security Bulletin: Vulnerability in bind affects IBM Chassis Management Module (CVE-2017-3142)
2019-01-31 02:25:02
Security Bulletin: Smart Cloud Entry is affected by ISC BIND vulnerabilities
2020-07-19 00:49:12
Security Bulletin: Vulnerabilities in ISC BIND affect PowerKVM
2018-06-18 01:37:05
alpinelinux
alpinelinux
CVE-2017-3142
2019-01-16 20:29:00
redhatcve
redhatcve
CVE-2017-3142
2017-06-30 04:48:39
cve
cve
CVE-2017-3142
2019-01-16 20:29:00
suse
suse
Security update for bind (important)
2017-07-07 00:14:32
Security update for bind (important)
2017-06-30 03:09:33
Security update for bind (important)
2017-06-30 03:10:50
slackware
slackware
[slackware-security] bind
2017-06-29 21:34:39
ubuntu
ubuntu
Bind vulnerabilities
2017-11-08 00:00:00
Bind regression
2017-09-18 00:00:00
bind9 vulnerabilities
2017-06-29 00:00:00
cloudfoundry
cloudfoundry
USN-3346-2: Bind regression | Cloud Foundry
2018-05-02 00:00:00
USN-3346-1: bind9 vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
oraclelinux
oraclelinux
bind security and bug fix update
2017-07-05 00:00:00
bind security and bug fix update
2017-07-05 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: dhcp-4.3.4-4.fc24
2017-07-27 19:51:32
[SECURITY] Fedora 26 Update: bind-9.11.1-2.P2.fc26
2017-07-07 23:23:27
[SECURITY] Fedora 24 Update: bind99-9.9.10-2.P3.fc24
2017-07-27 19:51:32
centos
centos
bind security update
2017-07-05 18:28:39
bind security update
2017-07-05 18:39:59
archlinux
archlinux
[ASA-201707-3] bind: access restriction bypass
2017-07-04 00:00:00
redhat
redhat
(RHSA-2017:1679) Important: bind security and bug fix update
2017-07-05 05:47:45
(RHSA-2017:1680) Important: bind security and bug fix update
2017-07-05 05:48:46
aix
aix
There are vulnerabilities in BIND that impact AIX.
2017-08-23 09:01:23
amazon
amazon
Important: bind
2017-07-20 01:20:00
altlinux
altlinux
Security fix for the ALT Linux 9 package bind version 9.10.5.P3-alt1
2017-07-11 00:00:00
Security fix for the ALT Linux 8 package bind version 9.10.5.P3-alt1
2017-07-11 00:00:00
mageia
mageia
Updated bind packages fix security vulnerability
2017-12-31 15:00:06

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.7%

JSON
Related for DEBIAN:DSA-3904-2:091C3
prion1cvelist1f51veracode1osv3nvd1debiancve1nessus38ubuntucve1openvas31debian3ibm8alpinelinux1redhatcve1cve1suse4slackware1ubuntu3cloudfoundry2oraclelinux2fedora13centos2archlinux1redhat2aix1amazon1altlinux2mageia1