Multiple vulnerabilitieshave been identified in ISC BIND. ISC BIND shipped with IBM SmartCloud Entry Appliance.
CVEID: CVE-2017-3142**
DESCRIPTION:** ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when an attacker can send and receive messages to an authoritative DNS server and has knowledge of a valid TSIG key name. By sending a specially crafted request packet, an attacker could exploit this vulnerability to bypass TSIG authentication on AXFR requests and transfer the target zone.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127901 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2017-3143**
DESCRIPTION:** ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when an attacker can send and receive messages to an authoritative DNS server and has knowledge of a valid TSIG key name. By sending specially crafted data, an attacker could exploit this vulnerability to bypass TSIG authentication and manipulate BIND into accepting an unauthorized dynamic update.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127902 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
For all IBM
For all IBM SmartCloud Entry releases, refer to information about the replacement program as per withdrawal announcement ENUS914-189 . For information about the latest release Cloud Manager for Openstack, please see http://www-01.ibm.com/support/docview.wss?uid=isg400003360. For any questions, contact IBM Support.
None