4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.007 Low
EPSS
Percentile
80.7%
An attacker who is able to send and receive messages to an authoritative
DNS server and who has knowledge of a valid TSIG key name may be able to
circumvent TSIG authentication of AXFR requests via a carefully constructed
request packet. A server that relies solely on TSIG keys for protection
with no other ACL protection could be manipulated into: providing an AXFR
of a zone to an unauthorized recipient or accepting bogus NOTIFY packets.
Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1,
9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
Author | Note |
---|---|
sbeattie | may have introduced regression (see isc email) |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 17.10 | noarch | bind9 | < 1:9.10.3.dfsg.P4-10.1ubuntu7 | UNKNOWN |
ubuntu | 14.04 | noarch | bind9 | < 1:9.9.5.dfsg-3ubuntu0.15 | UNKNOWN |
ubuntu | 16.04 | noarch | bind9 | < 1:9.10.3.dfsg.P4-8ubuntu1.7 | UNKNOWN |
ubuntu | 16.10 | noarch | bind9 | < 1:9.10.3.dfsg.P4-10.1ubuntu1.7 | UNKNOWN |
ubuntu | 17.04 | noarch | bind9 | < 1:9.10.3.dfsg.P4-10.1ubuntu5.1 | UNKNOWN |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.007 Low
EPSS
Percentile
80.7%